(57) Abstract:

PROBLEM TO BE SOLVED: To exclude illegal access while identifying legal access
with a small amount of calculation, in single-sign-on type authentication that
permits multiple accesses on a single user authentication.
SOLUTION: Secrecy information 4 is shared by a client means 1 and an
authentication server means 2. The authentication server means 2 issues an
authentication ticket 5 including collation information obtained by performing an
irreversible arithmetic operation (f) on the secrecy information 4 (n) times. The
client means 1 presents this authentication ticket, together with presentation
information obtained by performing the irreversible arithmetic operation (f) on the
secrecy information 4 (n-k) times, to a permission server means 3. The permission
server means 3 performs the irreversible arithmetic operation (f) on the presented
information (k) times and checks whether or not the result matches the collation
information. Here (k) is increased from 1 to (n), so that the authentication
ticket 5 can be used for a maximum of (n) accesses without the next presented
information being computable from the past presented information.



CLAIMS 



[Claim(s)] 

[Claim 1] An authentication server means to publish an authentication ticket.

An approval server means to which use of an authentication ticket is approved, and
a client means which requires an authentication ticket of said authentication
server means, and requires use approval of an authentication ticket of said approval
server means.

A client means which it is the authentication system provided with the above, and
the number of times of effective holds an authentication ticket which is n (n is a
positive integer), shows this, and asks for use approval, Provide an approval server
means to which presentation information is required of said client means in
response, it compares with said authentication ticket, and use is approved, and said
authentication ticket, Including a ticket identifier, collation information, and the
number of times of effective, he is given by attestation child and said collation
information, Predetermined irreversible arithmetic operation is performed to
confidential information which said authentication server means and said client
means share n times, Said presentation information in case a use count of said
authentication ticket is k (k is a positive integer below n) performs said
predetermined irreversible arithmetic operation to said confidential information n-k
times.

[Claim 2] The authentication system according to claim 1, wherein said
authentication server means manages user authentication information, performs a
user authentication procedure between said client means and publishes said
authentication ticket.

[Claim 3] In a user authentication procedure, generate a random number, and said
authentication server means shows this, requires attestation presentation
information of said client means, and it said confidential information, The
authentication system according to claim 2, wherein it performs said predetermined
irreversible arithmetic operation to connection by said user authentication
information and said random numbers once or more and said attestation
presentation information performs said predetermined irreversible arithmetic
operation to said confidential information n times.

[Claim 4] Said authentication server means generates a random number in a user
authentication procedure, shows this, and requires attestation presentation
information of a client means, Said attestation presentation information is an
EXCLUSIVE-OR-operation result of what performed said predetermined
irreversible arithmetic operation to connection by said user authentication
information and said random numbers once or more, and a random number for
attestation which said client means generated, The authentication system according
to claim 2, wherein said confidential information is said random number for
attestation counted backward from said attestation presentation information.

[Claim 5] The authentication system according to any one of claims 2 to 4, wherein
said user authentication information is a password entered by user.

[Claim 6] The authentication system according to any one of claims 2 to 4, wherein
said user authentication information is the common key system encryption key
held in secrecy.



[Claim 7] The authentication system according to any one of claims 1 to 6, wherein
said attestation child is a message authorization code.

[Claim 8] The authentication system according to any one of claims 1 to 6, wherein
said attestation child is a digital signature.

[Claim 9] The authentication system according to any one of claims 1 to 8, wherein
said predetermined irreversible arithmetic operation is a one-way hash operation.

[Claim 10] The authentication system according to any one of claims 1 to 9, wherein
said authentication ticket contains a server identifier.

[Claim 11] The authentication system according to any one of claims 1 to
10, wherein said authentication ticket includes the time of the date of issue.

[Claim 12] Said authentication ticket including a publisher identifier said approval
server means, While carrying out use approval, collation information of said
authentication ticket, the number of times of effective, the time of the date of issue, a
publisher identifier, and an attestation child are updated, The authentication system
according to claim 11 wherein said collation information is updated by what
performed said predetermined irreversible arithmetic operation to said confidential
information n-k times and said number of times of effective is updated by n-k.

[Claim 13] The authentication system according to any one of claims 1 to
12, wherein said approval server means has managed a use count of said
authentication ticket, shows this and requires presentation information.

[Claim 14] The authentication system according to any one of claims 1 to
12, wherein said client means has managed a use count of said authentication
ticket, shows this with said authentication ticket and asks for use approval.

[Claim 15] Have said two or more approval server means and an authentication
ticket management tool which manages a use count of said authentication
ticket, and said client means, Have managed a use count of said authentication
ticket, with said authentication ticket, this is shown, ask for use approval, and said
authentication server means, While publishing said authentication ticket, point to
shelf registration of said authentication ticket to said authentication ticket
management tool, and said approval server means, The authentication system
according to any one of claims 1 to 11 not carrying out use approval when it
points to renewal of a history of said authentication ticket to said authentication
ticket management tool in response to presentation of said authentication ticket
and a rejected note is received from said authentication ticket management tool.

[Claim 16] Said approval server means two or more preparations and said client
means, Have managed a use count of said authentication ticket, with said
authentication ticket, this is shown, ask for use approval, and said authentication
server means, Memorize an issuance history, while publishing said authentication
ticket, and said approval server means, Memorize an update history, while updating
said authentication ticket, and it refers for a history of said authentication ticket to
said authentication server means which a publisher identifier of said authentication
ticket shows in response to presentation of said authentication ticket, or said
approval server means, The authentication system according to claim 12 not
carrying out use approval when a rejected note is received from said
authentication server means or said approval server means.

[Claim 17] It is what said approval server means generates a random number in a
use approval procedure, shows this, and requires presentation information, The
authentication system according to any one of claims 14 to 16, wherein said
presentation information in case a use count of said authentication ticket is k is an
EXCLUSIVE-OR-operation result of what performed said predetermined
irreversible arithmetic operation to said confidential information n-k times, and said
random number.

[Claim 18] An authentication server means to publish an authentication ticket.
An approval server means to which use of an authentication ticket is approved, and
a client means which requires an authentication ticket of said authentication
server means, and requires use approval of an authentication ticket of said approval
server means.

An input means from which it is the authentication system provided with the
above, and said client means obtains an input of the number of times of effective of
a user-identification child, user authentication information, a server identifier, and an
authentication ticket, Ticket holding mechanism which obtains and holds an
authentication ticket from said authentication server means, and is shown to said
approval server means, A processing selecting means which acquires existence
information on an authentication ticket and chooses processing from said ticket
holding mechanism, A hash means to obtain a random number and to perform hash
operation to these connection from said authentication server means while
acquiring user authentication information from said input means, A secret memory
measure which memorizes in secrecy a hash value obtained from said hash
means, Take out a hash value from said secret memory measure, and the number of
times n of effective (n is a positive integer) is obtained from said input means in a
user authentication procedure, A multi stage hash value which performed and
obtained hash operation of n stage is sent to said authentication server means, in a
use approval procedure, the using frequency k (k is a positive integer below n) is
obtained from said approval server means, An authentication information storage
means which possessed a multi stage hash means to send a multi stage hash
value which performed and obtained hash operation of a n-k stage to said approval
server means and in which user authentication information was accumulated for
said authentication server means, The 2nd multi stage hash means that performs
n+1 step of hash operation to connection by random number generating means
which generates a random number and is sent to said client means, and user
authentication information acquired from said authentication information storage
means and a random number generated by said random number generating
means, An attestation collation means compared with a multi stage hash value
which obtained a multi stage hash value obtained from said client means by said
2nd multi stage hash means, a ticket identifier creating means which generates an
effective ticket identifier, and attestation which clocks time and outputs time
information ~ a time check ~ with a means. A ticket identifier obtained from said
ticket identifier creating means, a multi stage hash value obtained from said
attestation collation means, a server identifier obtained from said client means and
the number of times of effective, and said attestation — a time check — a time
stamp based on time information acquired from a means. And an attestation child
is added to connection of a publisher identifier which shows an authentication
server means, approval which an attestation child addition means sent to said client
means as an authentication ticket is provided, and said approval server means
clocks an attestation child verifying means which verifies an attestation child of an
authentication ticket who got from said client means, and time, and outputs time
information — a time check — with a means, the validity of a server identifier and
a time stamp, and said approval — a time check ~ with a ticket effective judging
means which checks the validity of a difference with time information acquired
from a means. A ticket use management tool which remains with a ticket identifier
of an authentication ticket, and using frequency, and manages the number of times of
available, The 3rd multi stage hash means that outputs a secondary multi stage
hash value which performed and obtained hash operation of k stage from said
ticket use management tool to a multi stage hash value which obtained the using
frequency k and was obtained from said client means, An approval collation means
which compares a multi stage hash value obtained from said ticket use
management tool and a secondary multi stage hash value obtained from said 3rd
multi stage hash means is provided.

[Claim 19]The authentication system comprising according to claim 18: 
A server common key memory measure said attestation child addition means 
remembers a common key system encryption key shared between servers to be. 
A self-identifier storage means which memorizes a self-identifier.
Data connecting mechanism which connects a ticket identifier, a multi stage hash
value, the number of times of effective, a time stamp, a server identifier, and a
publisher identifier obtained from said self-identifier storage means.
A connection data hash means to perform hash operation to connection data
obtained from said data connecting mechanism, A common key system
cryptographer stage which enciphers a hash value obtained from said connection
data hash means using a common key system encryption key obtained from said
server common key memory measure, and is made into an attestation
child, Attestation child connecting mechanism which connects connection data
obtained from said data connecting mechanism and an attestation child who got
from said common key system cryptographer stage is provided, The 2nd server
common key memory measure that memorizes a common key system encryption
key which said attestation child verifying means shares between
servers, Attestation child separating mechanism which divides an authentication
ticket into connection data and an attestation child, A data separation means which
divides into a ticket identifier, a multi stage hash value, the number of times of
effective, a time stamp, a server identifier, and a publisher identifier connection data
obtained from said attestation child separating mechanism, The 2nd connection
data hash means that performs hash operation to connection data obtained from
said attestation child separating mechanism, The 2nd common key system
cryptographer stage that enciphers a hash value obtained from said 2nd
connection data hash means using a common key system encryption key obtained
from said 2nd server common key memory measure, and is made into an attestation
child for comparison, A publisher identifier collation means which confirms that a
publisher identifier obtained from said data separation means is an effective server
identifier, A comparison means to compare an attestation child for comparison who
got from said 2nd common key system cryptographer stage with an attestation
child who got from said attestation child separating mechanism when a collated
result obtained from said publisher identifier collation means showed validity, and to
output a result.

[Claim 20]The authentication system comprising according to claim 18: 
A self-secret key memory measure said attestation child addition means
remembers a public key system code secret key of an authentication server to be
in secrecy.

A self-identifier storage means which memorizes a self-identifier.
Data connecting mechanism which connects a ticket identifier, a multi stage hash
value, the number of times of effective, a time stamp, a server identifier, and a
publisher identifier obtained from said self-identifier storage means.
A connection data hash means to perform hash operation to connection data
obtained from said data connecting mechanism, A public key system cryptographer
stage which enciphers a hash value obtained from said connection data hash
means using a public key system code secret key obtained from said self-secret
key memory measure, and is made into an attestation child, Attestation child
separating mechanism which possesses attestation child connecting mechanism
which connects connection data obtained from said data connecting
mechanism, and an attestation child who got from said public key system
cryptographer stage and from which said attestation child verifying means
separates an authentication ticket into connection data and an attestation child, A
data separation means which separates into a ticket identifier, a multi stage hash
value, the number of times of effective, a time stamp, a server identifier, and a
publisher identifier, and outputs connection data obtained from said attestation
child separating mechanism, The 2nd connection data hash means that performs
hash operation to connection data obtained from said attestation child separating
mechanism, A server public key accumulation means which outputs a public key
system code public key corresponding to a publisher identifier which a public key
system code public key of an effective server was accumulated, and was obtained
from said data separation means, A public key system decoding means which
decodes an attestation child who got from said attestation child separating
mechanism using a public key system code public key obtained from said server
public key accumulation means, and is made into a hash value for comparison, A
comparison means to compare a hash value obtained from said connection data
hash means with a hash value for comparison obtained from said public key
system decoding means, and to output a result.



[Claim 21] Said client means possesses an authentication random number creating
means and the 1st exclusive OR means, and them said random number generating
means for attestation, in a user authentication procedure, generate a random number
for attestation, and said 1st exclusive OR means, A disturbance hash value which
obtained by performing EXCLUSIVE OR operation of a random number for
attestation obtained from said random number generating means for attestation in
a user authentication procedure and a hash value obtained from said hash means
is sent to said authentication server means, Memorize said secret memory measure
in secrecy, and a random number for attestation obtained from said random number
generating means for attestation said multi stage hash means, Take out a random
number for attestation from said secret memory measure, and the using frequency
k is obtained from said approval server means in a use approval procedure, A multi
stage hash value which performed and obtained hash operation of a n-k stage is
sent to said approval server means, Said authentication server means possesses
the 2nd hash means and 2nd exclusive OR means instead of said attestation
collation means, and them said 2nd hash means, Perform hash operation to
connection by user authentication information acquired from said authentication
information storage means, and random numbers generated by said random number
generating means, and said 2nd exclusive OR means, Perform EXCLUSIVE OR
operation of a hash value obtained from said 2nd hash means, and a disturbance
hash value obtained from said client means, and a random number for attestation is
acquired, Perform said 2nd multi stage hash means by random numbers for
attestation obtained from said 2nd exclusive OR means, and hash operation of n
stage said attestation child addition means, A ticket identifier obtained from said
ticket identifier creating means, a multi stage hash value obtained from said 2nd
multi stage hash means, a server identifier obtained from said client means and the
number of times of effective, and said attestation — a time check — a time stamp
based on time information acquired from a means. And the authentication system
according to any one of claims 18 to 20 adding an attestation child to connection
of a publisher identifier which shows an authentication server means, and sending to
said client means as an authentication ticket.

[Claim 22] Said approval server means possesses the 3rd hash means and the 2nd
attestation child addition means instead of said 3rd multi stage hash means, and
them said 3rd hash means, Output a secondary multi stage hash value which
performed and obtained hash operation to a multi stage hash value obtained from
said client means, and said approval collation means, Compare a multi stage hash
value obtained from said ticket use management tool, and a secondary multi stage
hash value obtained from said 3rd hash means, and said 2nd attestation child
addition means, A ticket identifier, a server identifier, and the remaining using
frequency which were obtained from said ticket use management tool, a multi stage
hash value obtained from said client means, and said approval ~ a time check — a
time stamp based on time information acquired from a means. And the
authentication system according to any one of claims 18 to 21 adding an
attestation child to connection of a publisher identifier which shows an approval
server means, and sending to said client means as an authentication ticket.

[Claim 23] Have the following and said ticket update indication means, Generate
authentication ticket history update indication from a ticket identifier and a server
identifier which were obtained from said attestation child verifying means when a
decision result obtained from said ticket effective judging means showed
validity, and using frequency obtained from said client means, and it sends to said
authentication ticket management tool, The using frequency k obtained from said
client means when an authentication ticket rejected note was not returned from
said authentication ticket management tool, and a multi stage hash value obtained
from said attestation child verifying means are outputted, Generate a random
number, send said 2nd random number generating means to said client means and
said 2nd exclusive OR means, and said 2nd exclusive OR means, Perform
EXCLUSIVE OR operation of a random number obtained from said 2nd random
number generating means, and a disturbance multi stage hash value obtained from
said client means, and a multi stage hash value is acquired, Said 3rd multi stage hash
means outputs a secondary multi stage hash value which performed and obtained
hash operation of k stage to a multi stage hash value obtained from said 2nd
exclusive OR means, Said authentication ticket management tool remains with a
ticket identifier and the number of times of effective based on authentication
ticket shelf registration directions obtained from said authentication server
means, and a group with using frequency is managed, The authentication system
according to any one of claims 18 to 21 which checks compatibility with
authentication ticket history update indication obtained from said approval server
means, and is characterized by sending an authentication ticket rejected note to
said approval server means in the case of mismatching.
One or more approval server means. 

An authentication ticket management tool which manages issue of an 
authentication ticket and a using state is provided, Said authentication ticket
management tool remains with a ticket identifier and the number of times of
effective based on authentication ticket shelf registration directions obtained from
said authentication server means, and a group with using frequency is
managed, Compatibility with authentication ticket history update indication obtained
from said approval server means is checked, in the case of mismatching, send an
authentication ticket rejected note at said approval server means, and said
authentication server means possesses a ticket registration instruction means, and
it said ticket registration instruction means, A ticket maintenance management tool
which generates authentication ticket shelf registration directions from a ticket
identifier obtained from said ticket identifier creating means, a server identifier
obtained from said client means, and the number of times of effective, and is sent to
said authentication ticket management tool, and said client means replaces with
said ticket holding mechanism.

Provide the 1st exclusive OR means and said ticket maintenance management
tool, Manage using frequency, while obtaining and holding an authentication ticket
from said authentication server means, show them to said approval server
means, and said multi stage hash means, Take out a hash value from said secret
memory measure, and a multi stage hash value which performed and obtained hash
operation of n stage in a user authentication procedure is sent to said
authentication server means, The using frequency k obtained from said ticket
maintenance management tool in a use approval procedure is obtained, Send a multi
stage hash value which performed and obtained hash operation of a n-k stage to
said 1st exclusive OR means, and said 1st exclusive OR means, A ticket update
indication means which performs EXCLUSIVE OR operation of a multi stage hash
value obtained from said multi stage hash means, and a random number obtained
from said approval server means, and sends a disturbance multi stage hash value of
a result to said approval server means, and said approval server means replaces
with a ticket use management tool.

The 2nd random number generating means and the 2nd exclusive OR means. 

[Claim 24] Have the following and said renewal management tool of a ticket
generates ticket use reference from a ticket identifier and a server identifier which
were obtained from said attestation child verifying means when a decision result
obtained from said ticket effective judging means showed validity, and using
frequency obtained from said client means, it sends to said authentication server
means or the 2nd approval server means which a publisher identifier shows, When
an authentication ticket rejected note is not returned from said authentication
server means or said 2nd approval server means, while outputting using frequency
obtained from said client means, and a multi stage hash value obtained from said
attestation child verifying means, When a ticket identifier, a server identifier, and the
remaining using frequency are managed and ticket use reference is received from
said 2nd approval server means, the compatibility of using frequency is checked, in
the case of mismatching, send an authentication ticket rejected note to said 2nd
approval server means, and said 2nd random number generating means, Generate a
random number, send to said client means and said 2nd exclusive OR means, and
said 2nd exclusive OR means, Perform EXCLUSIVE OR operation of a random
number obtained from said 2nd random number generating means, and a disturbance
multi stage hash value obtained from said client means, acquire a multi stage hash
value, and said 2nd hash means. Output a secondary multi stage hash value which
performed and obtained hash operation to a multi stage hash value obtained from
said 2nd exclusive OR means, and said 2nd attestation child addition means, A ticket
identifier, a server identifier, and the remaining using frequency which were obtained
from said ticket management means, a multi stage hash value obtained from said
2nd exclusive OR means, and said approval — a time check — a time stamp based
on time information acquired from a means. And the authentication system
according to claim 22 which adds an attestation child to connection of a publisher
identifier which shows an approval server means, and is characterized by sending to
said client means as an authentication ticket.

Provide one or more approval server means, and said authentication server means
possesses a ticket issue management tool, and it said ticket issue management
tool, A ticket identifier obtained from said ticket identifier creating means, a server
identifier obtained from said client means, and the number of times of effective are
managed, A ticket maintenance management tool which searches a ticket identifier
based on ticket use reference obtained from said approval server means, checks
the compatibility of using frequency, and sends an authentication ticket rejected
note at said approval server means in the case of mismatching, and said client
means replaces with said ticket holding mechanism. 

Provide the 1st exclusive OR means and said ticket maintenance management 
tool, Manage using frequency, while obtaining and holding an authentication ticket
from said authentication server means, show them to said approval server
means, and said multi stage hash means, Take out a hash value from said secret
memory measure, and a multi stage hash value which performed and obtained hash
operation of n stage in a user authentication procedure is sent to said
authentication server means, The using frequency k obtained from said ticket
maintenance management tool in a use approval procedure is obtained, Send a multi
stage hash value which performed and obtained hash operation of a n-k stage to
said 1st exclusive OR means, and said 1st exclusive OR means, A renewal
management tool of a ticket which performs EXCLUSIVE OR operation of a multi
stage hash value obtained from said multi stage hash means, and a random number
obtained from said approval server means, and sends a disturbance multi stage
hash value of a result to said approval server means, and said approval server
means replaces with said ticket use management tool. 
The 2nd random number generating means and 2nd exclusive OR means. 

[Claim 25] An authentication server means to publish an authentication ticket.
An approval server means to which use of an authentication ticket is approved.
A client means which requires an authentication ticket of said authentication
server means, and requires use approval of an authentication ticket of said approval
server means. 

Are the above the authentication method which it had and from an authentication 
server means to a client means. . Include predetermined irreversible arithmetic 
operation for n (n is positive integer) time almsgiving ********** in confidential 
information which an authentication server means and a client means share. The 
number of times of effective publishes an authentication ticket which is n, and it a
client means, Said authentication ticket is shown in an approval server means, ask
for use approval, and to a demand of presentation information on an approval server
means a client means, When a use count of said authentication ticket is k (k is a
positive integer below n), The result of an operation which performed said
predetermined irreversible arithmetic operation to said confidential information n-k
times is shown as said presentation information, an approval server means performs
said predetermined irreversible arithmetic operation to said presentation
information k times, and coincidence with the result of an operation and said
collation information is identified.

[Claim 26] An authentication server means to publish an authentication ticket.
An approval server means to which use of an authentication ticket is approved.
A client means which requires an authentication ticket of said authentication
server means, and requires use approval of an authentication ticket of said approval
server means.

Are the above the authentication method which it had and from an authentication 
server means to a client means. . Include predetermined irreversible arithmetic 
operation for n (n is positive integer) time almsgiving ********** in confidential 
information which an authentication server means and a client means share. The 
number of times of effective publishes an authentication ticket which is n, and it a
client means, Said authentication ticket is shown in an approval server means, ask
for use approval, and to a demand of presentation information on an approval server
means a client means, When a use count of said authentication ticket is k (k is a
positive integer below n), Show the result of an operation which performed said
predetermined irreversible arithmetic operation to said confidential information n-k
times as said presentation information, and an approval server means, While
performing said predetermined irreversible arithmetic operation to said
presentation information once and identifying coincidence with the result of an
operation and said collation information, collation information included in said
authentication ticket is updated to the result of an operation which performed said 
predetermined irreversible arithmetic operation to said confidential information n-k 
times. 

[Claim 27]Said authentication server means shows a random number to a client
means which requires an authentication ticket, and requires attestation
presentation information; the client means shows, as said attestation
presentation information, the result of performing said predetermined
irreversible arithmetic operation n+1 times on the concatenation of user
authentication information and said random number; and the authentication server
means performs said predetermined irreversible arithmetic operation n+1 times on
the concatenation of the user authentication information it currently holds and
said random number, and, if coincidence of the result with said attestation
presentation information is confirmed, takes as said confidential information the
result of performing said predetermined irreversible arithmetic operation once on
the concatenation of said user authentication information and said random number,
and publishes an authentication ticket which includes collation information
obtained by performing the predetermined irreversible arithmetic operation on
this n times (n is a positive integer). The authentication method according to
claim 25 or 26.
[Claim 28]Said authentication server means shows a random number to a client
means which requires an authentication ticket, and requires attestation
presentation information; the client means shows, as said attestation
presentation information, the EXCLUSIVE-OR of the result of performing said
predetermined irreversible arithmetic operation once or more on the concatenation
of user authentication information and said random number, and a random number
for attestation which the client means generated; and the authentication server
means calculates said random number for attestation back from said attestation
presentation information using the user authentication information it currently
holds and said random number, takes said random number for attestation as said
confidential information, and publishes an authentication ticket which includes
collation information obtained by performing the predetermined irreversible
arithmetic operation on this n times (n is a positive integer). The
authentication method according to claim 25 or 26.

[Claim 29]An authenticating processing program recording medium on which a
processing program of the authentication method performed by the authentication
system according to any one of claims 1 to 24, or of the authentication method
according to any one of claims 25 to 28, is recorded in a form which an
electronic computer can read.



DETAILED DESCRIPTION 



[Detailed Description of the Invention] 
[0001] 

[Field of the Invention]This invention relates to a single sign-on type
authentication method and authentication system which permit multiple accesses
with one processing in which the validity of a client apparatus accessing a
server apparatus is judged. In particular, cipher processing in the client
apparatus is made unnecessary, which enables processing even on a device with low
computation capability.
[0002] 

[Description of the Prior Art]In recent years, with the development of digital
communication technique, the server client type system which comprises a server
apparatus and a client apparatus connected via a network has become general. In
such a server client type system, it is important to check that a client
apparatus and its user have the just authority to access a server apparatus, so
that unjust access is not performed. Password input is well known as an
authentication method which checks this access permission. While the method of
asking for password input at every access is safe, it is inconvenient for a user,
so a single sign-on type authentication method which raises convenience has come
to be used. As such a single sign-on type authentication method, TTP (Trusted
Third-party Protocol) used by a Kerberos authentication system is generally
known, for example.
[0003]Hereafter, a conventional single sign-on type authentication method is
explained, referring to drawings. Drawing 23 is a key map showing the outline of
a conventional single sign-on type authentication method, and drawing 24 is a
protocol sequence diagram showing a protocol. In drawing 23 and drawing 24, 81 is
a client means which has a user interface, 82 is an authentication server means
which performs user authentication, and 83 is an approval server means which
judges an access permission and performs use approval.
[0004]In the user authentication procedure of the client means 81 and the
authentication server means 82, the client means 81 sends authentication demand
Authenticate Request801, which consists of the user-identification child UID
inputted via the user interface and the server identifier SID as attestation
presentation information, to the authentication server means 82. On the other
hand, the authentication server means 82 returns authentication reply Authorize
Request802 accompanied by session key SK enciphered using the password PW as a
key, with authentication ticket Ticket803.

[0005]In the use approval procedure of the client means 81 and the approval
server means 83, the client means 81 sends approval demand Authorize Request804,
which consists of the user-identification child UID and the time stamp TSk
enciphered by session key SK as presentation information, to the approval server
means 83 with authentication ticket Ticket805. On the other hand, the approval
server means 83 verifies the presentation information and authentication ticket
Ticket805 in authentication demand Authorize Request804, and if it admits them to
be just, it returns notice of approval Result806.
[0006]The composition of a conventional single sign-on type authentication method
with the above protocol sequence is explained below, referring to drawing 25.
Drawing 25 is a functional block diagram showing the composition of a
conventional single sign-on type authentication method. Also in drawing 25, 81 is
a client means which has a user interface, 82 is an authentication server means
which performs user authentication, and 83 is an approval server means which
judges an access permission and performs use approval.

[0007]The client means 81 comprises the 1st transmission and reception means 311
which transmits and receives data, the input means 811 which obtains the input
from a user, the session key decoding means 812 which decodes the received
session key, the ticket holding mechanism 314 holding the received authentication
ticket, the processing selecting means 315 which chooses processing according to
the holding state of an authentication ticket, the secret memory measure 316
which memorizes the decoded session key in secrecy, the proof time check means
813 which clocks time, and the certification information cryptographer stage 814
which enciphers attested certification information using a session key.

[0008]The authentication server means 82 comprises the 2nd transmission and
reception means 321 which transmits and receives data, the attestation time check
means 322 which clocks time, the authentication information storage means 323 in
which user authentication information such as a password is accumulated, the
session key creating means 821 which generates an encryption key for every user
authentication processing, the session key cryptographer stage 822 which
enciphers a session key using a password, and the ticket cryptographer stage 823
which enciphers an authentication ticket using a session key.

[0009]The approval server means 83 comprises the 3rd transmission and reception
means 331 which transmits and receives data, the approval time check means 332
which clocks time, the ticket decoding means 831 which decodes an authentication
ticket, the ticket effective judging means 832 which performs the validity
judging of an authentication ticket, the certification information decoding means
833 which decrypts attested certification information, the certification
information effective judging means 834 which performs the validity judging of
attested certification information, and the approval collation means 835 which
carries out comparative collation of the contents of the authentication ticket
and the contents of attested certification information.
[0010]The operation of the conventional single sign-on type authentication method
constituted as mentioned above is explained below, referring to drawing 26.
First, in the client means 81, the user-identification child UID which shows the
user itself, the password PW for user authentication beforehand registered into
the authentication server means 82, and the server identifier SID of the object
from which use approval is obtained are inputted into the input means 811 as the
user input 800 (ST3101, ST8101). The input means 811 takes out the server
identifier 3101 and sends it to the ticket holding mechanism 314 while it holds
the user input 800 temporarily. The ticket holding mechanism 314 searches the
authentication ticket data corresponding to the server identifier 3101 (ST3102),
and sends the notice 3102 of search results to the processing selecting means
315. When the notice 3102 of search results shows absence, the processing
selecting means 315 sends the user authentication processing starting information
8101 to said input means 811, and when presence is shown, it sends the use
approval procedure starting information 8102 to said ticket holding mechanism
314, the secret memory measure 316, and the certification information
cryptographer stage 814 (ST3103).
[0011]If the user authentication starting information 8101 is given, said input
means 811 sends the group 8103 of the user-identification child and server
identifier taken out from the user input 800 held temporarily to the
authentication server means 82 as authentication demand Authenticate Request801
via the 1st transmission and reception means 311 (ST8102). The
user-identification child 8104 is sent to the certification information
cryptographer stage 814, and the password 8105 is sent to the session key
decoding means 812.
[0012]In the authentication server means 82, authentication demand Authenticate
Request801 is received by the 2nd transmission and reception means 321. The
taken-out user-identification child 8201 is sent to the authentication
information storage means 323 and the ticket cryptographer stage 823, and the
server identifier 8202 is sent to the ticket cryptographer stage 823 (ST8201).
The authentication information storage means 323 searches the password
corresponding to the user-identification child 8201 (ST8202). If it exists, it
sends the password 8203 to the session key cryptographer stage 822, and the
notice 8204 of search results is sent to the session key creating means 821 and
the session key cryptographer stage 822 (ST8203). When the notice 8204 of search
results shows presence, the session key creating means 821 newly generates the
random session key 8205, and sends it to the session key cryptographer stage 822
and the ticket cryptographer stage 823 (ST8204). When the notice 8204 of search
results shows presence, the session key cryptographer stage 822 generates the
encryption session key 8206 which enciphered the session key 8205 using the
password 8203 (ST8205). This is sent to the client means 81 as authentication
reply Authenticate Response802 via the 2nd transmission and reception means 321
(ST8207). The attestation time check means 322 has clocked current time. The time
stamp 3212 based on current time is supplied to the ticket cryptographer stage
823.

Using the server common key, held inside, which corresponds to the server
identifier 8202, the ticket cryptographer stage 823 generates the authentication
ticket data 8207 which enciphered the user-identification child 8201, the server
identifier 8202, the time stamp 3212, and the session key 8205 (ST8202, ST8206).
This is sent to the client means 81 as authentication ticket Ticket803 via the
2nd transmission and reception means 321 (ST8207).
[0013]In the client means 81, authentication reply Authenticate Response802 is
sent to the session key decoding means 812 as the encryption session key 8106
via the 1st transmission and reception means 311. Authentication ticket Ticket803
is sent to said ticket holding mechanism 314 as the authentication ticket data
8108 via the 1st transmission and reception means 311 (ST8103). Said ticket
holding mechanism 314 matches the authentication ticket data 8108 with the
server identifier 3101 and holds it (ST3112). The session key decoding means 812
decrypts the encryption session key 8106 using the password 8105 (ST8104).
Therefore, only when a right password is entered can a right session key be
obtained. The session key 8107 obtained by the session key decoding means 812 is
sent to the secret memory measure 316, and is memorized.

[0014]The secret memory measure 316 memorizes the session key 8107 in secrecy so
that only predetermined access is permitted, and when the use approval procedure
starting information 8102 is given, it sends the memorized session key 8109 to
the certification information cryptographer stage 814 (ST8105). The proof time
check means 813 has clocked current time.

The time stamp 8110 based on current time is supplied to the certification
information cryptographer stage 814.

If the use approval procedure starting information 8102 is given, the
certification information cryptographer stage 814 generates the attested
certification information 8111 which enciphered the user-identification child
8104 and the time stamp 8110 using the session key 8109 (ST8106). This is sent to
the approval server means 83 as approval demand Authorize Request804 via the 1st
transmission and reception means 311 (ST8107). If the use approval procedure
starting information 8102 is given, said ticket holding mechanism 314 sends the
held authentication ticket data 8112 corresponding to the server identifier 3101
to the approval server means 83 as authentication ticket Ticket805 via the 1st
transmission and reception means 311 (ST8107).



[0015]In the approval server means 83, approval demand Authorize Request804 is
sent to the certification information decoding means 833 as the attested
certification information 8308 via the 3rd transmission and reception means 331.
Authentication ticket Ticket805 is sent to the ticket decoding means 831 as the
authentication ticket data 8301 via the 3rd transmission and reception means 331
(ST8301). The ticket decoding means 831 decrypts the authentication ticket data
8301 using the self-server common key held inside. The user-identification child
8302, the server identifier 8303, and the time stamp 8304 which were obtained are
sent to the ticket effective judging means 832, and the session key 8305 is sent
to the certification information decoding means 833 (ST8302). The approval time
check means 332 has clocked current time.

The current time information 8306 is supplied to the ticket effective judging
means 832 and the certification information effective judging means 834.
The ticket effective judging means 832 performs the coincidence decision of the
server identifier 8303 and the self-server identifier held inside, and confirms
that the difference of the time stamp 8304 and the current time information 8306
is within the limits of the predetermined term of validity. When all are true,
the user-identification child 8302 is made into the ticket user-identification
child 8307, and is sent to the approval collation means 835 (ST3306, ST3307). The
user-identification child 8309 and the time stamp 8310, which were produced by
the certification information decoding means 833 decrypting the attested
certification information 8308 using the session key 8305, are sent to the
certification information effective judging means 834 (ST8303). Since attested
certification information is enciphered using the session key by the client
means, a right user-identification child and a time stamp are obtained here only
when a right session key is used by the client means. The certification
information effective judging means 834 confirms that the difference of the time
stamp 8310 and the current time information 8306 is within the limits of a
predetermined time lag. When it is true, the user-identification child 8309 is
made into the proof user-identification child 8311, and is sent to the approval
collation means 835 (ST8304, ST8305). The approval collation means 835 performs
the coincidence decision of the ticket user-identification child 8307 and the
proof user-identification child 8311 (ST8306). If it is true, the notice 8312 of
approval is sent to the client means 81 as notice of approval Result806 via the
3rd transmission and reception means 331 (ST8307, ST3317), and it is received in
the client means 81 (ST3118). When the coincidence decision becomes true at this
time, the user-identification child and the time stamp have been obtained
correctly. This shows that the right session key was used by the client means,
and since this means that the right password was entered, the user authentication
result and its use approval result will correspond.
[0016] 

[Problem(s) to be Solved by the Invention]However, in the above-mentioned
conventional composition, cipher processing which needs great computational
complexity is used abundantly, and in particular it is necessary to perform
cipher processing at every use approval processing on the client side. When the
client side was a device with low computation capability, like a personal digital
assistant or a smart phone, there was therefore the technical problem that it was
difficult to perform use approval processing in practical processing time.

[0017]Since in the above-mentioned conventional composition the use count of one
authentication ticket is not restricted and only the term of validity is
provided, there was also the technical problem that, even if the code of an
authentication ticket intercepted by a third party were decoded and unjust access
were performed, the possibility of this ending without being discovered was high.
[0018]This invention solves such conventional technical problems.
Its purpose is to provide a single sign-on type authentication method and
authentication system which do not need cipher processing on the client side, can
perform use approval processing in practical processing time even on a device
with low computation capability, and can manage the use count of an
authentication ticket easily.



[0019] 

[Means for Solving the Problem]In order to solve this technical problem, this
invention, 1st, provides a client means which holds an authentication ticket
whose effective number of times is n (n is a positive integer), shows this, and
asks for use approval, and an approval server means which in response requires
presentation information, compares it with said authentication ticket, and
carries out use approval. Said authentication ticket includes a ticket
identifier, collation information, the effective number of times, the date and
time of issue, and a server identifier, and is given an attestation child. Said
collation information is obtained by performing a predetermined irreversible
arithmetic operation n times on confidential information which the publisher of
said authentication ticket and said client means share. Said presentation
information, when the use count of said authentication ticket is k (k is a
positive integer of n or less), is characterized by being obtained by performing
said predetermined irreversible arithmetic operation on said confidential
information n-k times.
[0020]Thereby, a single sign-on type authentication method and authentication
system are obtained which do not need cipher processing on the client side, can
manage the use count of an authentication ticket easily, and can eliminate double
use.
[0021]2nd, said authentication server means generates a random number in the user
authentication procedure, shows it, and requires attestation presentation
information of the client means. Said confidential information is obtained by
performing said predetermined irreversible arithmetic operation once or more on
the concatenation of said user authentication information and said random number,
and said attestation presentation information is characterized by being obtained
by performing said predetermined irreversible arithmetic operation on said
confidential information n times.

[0022]Thereby, in addition to the above-mentioned effect, a single sign-on type
authentication method and authentication system are obtained which do not need
cipher processing on the client side in the user authentication procedure either,
and in which the data processing of attestation presentation information and the
data processing of presentation information can be made common.

[0023]3rd, said authentication server means generates a random number in the user
authentication procedure, shows it, and requires attestation presentation
information of the client means. Said attestation presentation information is the
EXCLUSIVE-OR of the result of performing said predetermined irreversible
arithmetic operation once or more on the concatenation of said user
authentication information and said random number, and a random number for
attestation which the client means generated, and said confidential information
is characterized by being said random number for attestation calculated back from
said attestation presentation information.
[0024]Thereby, in addition to the above-mentioned effect, since the collation
information included in an authentication ticket becomes unrelated to user
authentication information, a safer single sign-on type authentication method and
authentication system are obtained in which there is not even a possibility that
user authentication information will be guessed from an authentication ticket.

[0025]4th, said predetermined irreversible arithmetic operation is characterized
by being a one-way hash operation.

[0026]Thereby, in addition to the above-mentioned effect, a single sign-on type
authentication method and authentication system are obtained which can perform
use approval processing in practical processing time even if the client side is a
device with low computation capability.

[0027]5th, said authentication ticket includes a publisher identifier. Said
approval server means, while carrying out use approval, updates the collation
information, the effective number of times, the date and time of issue, the
publisher identifier, and the attestation child of said authentication ticket.
Said collation information is updated to the result of performing said
predetermined irreversible arithmetic operation on said confidential information
n-k times, and said effective number of times is characterized by being updated
to n-k.

[0028]Thereby, in addition to the above-mentioned effect, the authentication
ticket is updated whenever it is used; in particular, the time stamp is updated,
so the term of validity in the validity judging can be set shorter. A single
sign-on type authentication method and authentication system are thus obtained
which can make the possibility of unauthorized use by a third party smaller, and
can further shorten the response time of use approval.

[0029]6th, said client means manages the use count of said authentication ticket,
and shows it together with said authentication ticket when asking for use
approval. Two or more said approval server means are provided, together with an
authentication ticket management tool which manages the use count of said
authentication ticket. Said authentication server means, while publishing said
authentication ticket, instructs said authentication ticket management tool to
register said authentication ticket. Said approval server means, in response to
presentation of said authentication ticket, instructs said authentication ticket
management tool to update the history of said authentication ticket, and is
characterized by not carrying out use approval when a rejection notice is
received from said authentication ticket management tool.

[0030]Thereby, in addition to the above-mentioned effect, in a system in which an
authentication ticket is not updated, it becomes possible to use an
authentication ticket in common for two or more approval servers, so a single
sign-on type authentication method and authentication system with higher
convenience are obtained.

[0031]7th, said client means manages the use count of said authentication ticket,
and shows it together with said authentication ticket when asking for use
approval. Two or more said approval server means are provided. Said
authentication server means memorizes an issuance history while publishing said
authentication ticket, and said approval server means memorizes an update history
while updating said authentication ticket. In response to presentation of said
authentication ticket, said approval server means refers for the history of said
authentication ticket to said authentication server means or said approval server
means which the publisher identifier of said authentication ticket shows, and is
characterized by not carrying out use approval when a rejection notice is
received from said authentication server means or said approval server means.

[0032]Thereby, in addition to the above-mentioned effect, in a system in which an
authentication ticket is updated, the use of an authentication ticket can be
managed in a decentralized manner, so a single sign-on type authentication method
and authentication system which can further reduce management resources are
obtained.
[0033] 

[Embodiment of the Invention]Hereafter, an embodiment of the invention is
explained, referring to drawings.

[0034](A 1st embodiment) The authentication system of a 1st embodiment
comprises the client means 1 with a user interface, an authentication server
means 2 which performs user authentication, and the approval server means 3 which
judges the access permission of the client means 1 and performs use approval, as
shown in drawing 1. For the client means 1, a general purpose computer, a
Personal Digital Assistant, a smart phone, etc. can be used, for example. For the
authentication server means 2, a general purpose computer, an exclusive
authentication server device, etc. can be used, for example, and for the approval
server means 3, a general purpose computer, an exclusive approval server
apparatus, an exclusive information providing device, etc. can be used.

[0035]The client means 1 and the approval server means 3 are connected by a cable
or a wireless communication network. The client means 1 and the authentication
server means 2 are not necessarily connected by a communication network, but it
is necessary for them to share the confidential information 4. As this
confidential information 4, a password, a common key system encryption key, or a
value computed from them is used, for example.
[0036]The client means 1 holds the authentication ticket 5 used in the use
approval procedure. The authentication server means 2 publishes this to the
client means 1. The authentication server means 2 takes as collation information
the result of performing irreversible arithmetic operation f on the confidential
information 4 n times (n is the effective number of times of the authentication
ticket), adds an attestation child to this, and generates the authentication
ticket 5. The attestation child is added for the purpose of preventing alteration
of the authentication ticket and proving its publisher, and a message
authentication code, a digital signature, etc. can be used for it.

[0037]In the use approval procedure of the client means 1 and the approval server
means 3, the result of the client means 1 performing irreversible arithmetic
operation f on the confidential information 4 n-k times (k is the use count of
the authentication ticket in the use approval procedure) is used as the
presentation information 6. As long as the irreversible arithmetic operation f
has sufficiently safe irreversibility, result length, and randomness, a third
party who does not know the confidential information 4 cannot calculate this
presentation information 6, so showing this presentation information 6 shows that
the presenter is a valid user who knows the confidential information 4. Since the
number of times the irreversible arithmetic operation f has been performed is
larger for presentation information further in the past, the following
presentation information also cannot be calculated from this presentation
information 6, so there is no necessity for encryption either.

[0038]The client means 1 sends this presentation information 6 to the approval
server means 3 together with the authentication ticket 7 currently held. In
response, the approval server means 3 verifies the attestation child which the
authentication ticket 7 includes, and checks that the result of performing
irreversible arithmetic operation f on the presentation information 6 k times
agrees with the collation information which the authentication ticket 7 includes.
If it admits them to be just, it returns the notice 8 of approval.
[0039]By this method, the client means 1 can obtain use approval up to n times
using the authentication ticket 7, without revealing the confidential information
4 to a third party, including the approval server means 3.
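
The ticket issue and use approval steps of [0036] to [0039], together with the
ticket-updating variant of [0027], as an added example in Python that is not part
of the patent text. It assumes SHA-256 as the irreversible operation f, an
HMAC-SHA-256 tag as the attestation child under a key shared by the two servers,
and a per-ticket use record kept by the approval server; the names Ticket,
ApprovalServer, issue_ticket and presentation are hypothetical.

```python
import hashlib
import hmac
import json
import time
from dataclasses import dataclass, replace


def f(x: bytes) -> bytes:
    """Irreversible operation f (assumption: SHA-256)."""
    return hashlib.sha256(x).digest()


def f_times(x: bytes, times: int) -> bytes:
    for _ in range(times):
        x = f(x)
    return x


@dataclass(frozen=True)
class Ticket:
    ticket_id: str
    collation: bytes   # f applied n times to the shared confidential information
    n: int             # effective number of times
    issued_at: int
    server_id: str
    tag: bytes = b""   # attestation child (assumption: HMAC over the other fields)


def ticket_tag(mac_key: bytes, t: Ticket) -> bytes:
    body = json.dumps([t.ticket_id, t.collation.hex(), t.n, t.issued_at, t.server_id])
    return hmac.new(mac_key, body.encode(), hashlib.sha256).digest()


def issue_ticket(mac_key, secret, n, ticket_id, server_id, now=None) -> Ticket:
    """Authentication server side: collation information plus attestation child."""
    issued = int(time.time() if now is None else now)
    t = Ticket(ticket_id, f_times(secret, n), n, issued, server_id)
    return replace(t, tag=ticket_tag(mac_key, t))


def presentation(secret: bytes, n: int, k: int) -> bytes:
    """Client side: presentation information for the k-th use, f applied n-k times.
    Note that k == n means zero applications, i.e. the shared value itself."""
    if not 1 <= k <= n:
        raise ValueError("use count k must satisfy 1 <= k <= n")
    return f_times(secret, n - k)


class ApprovalServer:
    def __init__(self, mac_key: bytes, server_id: str):
        self.mac_key, self.server_id = mac_key, server_id
        self.last_k = {}   # fixed tickets: highest use count accepted (assumption)
        self.last_n = {}   # updated tickets: n of the last ticket accepted (assumption)

    def _ticket_ok(self, t: Ticket) -> bool:
        return (t.server_id == self.server_id
                and hmac.compare_digest(t.tag, ticket_tag(self.mac_key, t)))

    def approve(self, t: Ticket, k: int, presented: bytes) -> bool:
        """Fixed ticket: apply f k times and compare with the collation information."""
        if not self._ticket_ok(t) or not 1 <= k <= t.n:
            return False
        if k <= self.last_k.get(t.ticket_id, 0):
            return False   # this use count, or an earlier one, was already spent
        if not hmac.compare_digest(f_times(presented, k), t.collation):
            return False
        self.last_k[t.ticket_id] = k
        return True

    def approve_and_update(self, t: Ticket, presented: bytes):
        """Updated ticket: apply f once, then reissue the ticket with the presented
        value as collation information and one use fewer. Returns None on refusal."""
        if not self._ticket_ok(t) or t.n < 1:
            return None
        seen = self.last_n.get(t.ticket_id)
        if seen is not None and t.n >= seen:
            return None    # a ticket that was already replaced is being shown again
        if not hmac.compare_digest(f(presented), t.collation):
            return None
        self.last_n[t.ticket_id] = t.n
        nt = Ticket(t.ticket_id, presented, t.n - 1, int(time.time()), t.server_id)
        return replace(nt, tag=ticket_tag(self.mac_key, nt))


if __name__ == "__main__":
    key, secret = b"k" * 32, b"constructed shared secret"   # constructed sample values
    server = ApprovalServer(key, "srv-A")
    ticket = issue_ticket(key, secret, 3, "T1", "srv-A")
    for k in (1, 2, 3):
        print(k, server.approve(ticket, k, presentation(secret, 3, k)))
    print("replay of use 1:", server.approve(ticket, 1, presentation(secret, 3, 1)))
```

A captured presentation value only hashes forward to values for earlier use
counts, so the use record is what turns a replay into a refusal.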

[0040]Thus, the authentication system of this embodiment is provided with the
following.

The client means which holds the authentication ticket whose effective number of
times is n (n is a positive integer), shows this, and asks for use approval.
The approval server means which in response requires presentation information,
compares it with said authentication ticket, and carries out use approval.

[0041]Said authentication ticket can include, other than collation information,
information such as a ticket identifier, the effective number of times, the date
and time of issue, and a server identifier, and an attestation child is given to
this. Collation information is information obtained by performing the
predetermined irreversible arithmetic operation n times on the confidential
information which the publisher of the authentication ticket and the client means
share. Said presentation information is information obtained by performing the
predetermined irreversible arithmetic operation on said confidential information
n-k times, when the use count of the authentication ticket is k (k is a positive
integer of n or less).

[0042]By such composition, a single sign-on type authentication method and
authentication system are obtained which do not need cipher processing on the
client side, can manage the use count of an authentication ticket easily, and can
eliminate double use.

[0043](A 2nd embodiment) In the authentication system of a 2nd embodiment, a
client means shows attestation presentation information to the authentication
server means 22, and requires an authentication ticket.
[0044]As shown in drawing 2, this authentication system comprises the client
means 11 which has a user interface, an authentication server means 12 which
performs user authentication, and the approval server means 3 which judges the
access permission of the client means 11 and performs use approval, and the
client means 11, the authentication server means 12, and the approval server
means 3 are connected by a cable or a wireless communication network. This
approval server means 3 is the same as that of the 1st embodiment (drawing 1).
The authentication ticket returned to the client means 11 from the authentication
server means 12, the presentation information and the approval ticket which the
client means 11 transmits to the approval server means 3, and the notice 8 of
approval returned to the client means 11 from the approval server means 3 are
also the same as those of the 1st embodiment (drawing 1).

[0045] The client means 11 and the authentication server means 12 of this
authentication system share, as the confidential information 14, the result of
performing the irreversible arithmetic operation f once on the concatenation of
the password PW entered via the user interface and the random number R obtained
from the authentication server means 12. As long as the irreversible arithmetic
operation f has sufficiently safe irreversibility, result length, and
randomness, a third party who does not know the password PW cannot calculate
this confidential information 14.

[0046] In the user authentication procedure between the client means 11 and the
authentication server means 12, the authentication server means 12 generates a
random number, shows it, and requires attestation presentation information of
the client means 11. The client means 11 computes the confidential information
14 by performing the irreversible arithmetic operation f once on the
concatenation of the password PW and the random number R obtained from the
authentication server means 12. It then sends to the authentication server
means 12, as the attestation presentation information 13, the result of
performing the irreversible arithmetic operation f a further n times on this
confidential information 14 (n+1 times in total; n is the number of times of
effective of the authentication ticket).
[0047] On the other hand, the authentication server means 12 checks that the
attestation presentation information 13 corresponds to the confidential
information 14, makes the result of performing the irreversible arithmetic
operation f n times on the confidential information 14 the collation
information, and returns the authentication ticket 5 to which the attestation
child is added. The client means 11 holds this in order to use it in a use
approval procedure. The attestation child is added for the purpose of
preventing alteration of the authentication ticket and of proving the
publisher, and a message authentication code, a digital signature, etc. can be
used for it.

[0048] In the use approval procedure between the client means 11 and the
approval server means 3, the result obtained when the client means 11 performs
the irreversible arithmetic operation f n-k times on the confidential
information 14 (k is the use count of the authentication ticket in the use
approval procedure) is used as the presentation information 6. As long as the
irreversible arithmetic operation f has sufficiently safe irreversibility,
result length, and randomness, a third party who does not know the confidential
information 14 cannot calculate this presentation information 6, so this
presentation information 6 shows that the sender is a valid user who knows the
confidential information 14. Since the number of times the irreversible
arithmetic operation f is applied in the presentation information goes back
toward earlier stages with each use, the following presentation information
cannot be calculated from this presentation information 6 either, and there is
no necessity for encryption.

[0049] The client means 11 sends this presentation information 6 to the
approval server means 3 together with the authentication ticket 7 which it
holds. The approval server means 3 verifies the attestation child which the
authentication ticket 7 includes, checks that the result of performing the
irreversible arithmetic operation f k times on the presentation information 6
agrees with the collation information which the authentication ticket 7
includes, and if it admits these as just, returns the notice 8 of approval.

[0050] By this method, the client means 11 can obtain use approval up to n
times using the authentication ticket 7, without revealing the confidential
information 14 and the password PW to a third party including the approval
server means 3.
[0051] Thus, in the authentication system of this embodiment, an authentication
server means generates a random number in a user authentication procedure,
shows it, and requires attestation presentation information of a client means.
As the confidential information at this time, the result of performing the
predetermined irreversible arithmetic operation once or more on the
concatenation of the user authentication information and the random number is
used, and the result of performing the predetermined irreversible arithmetic
operation n times on this confidential information is shown as the attestation
presentation information.

[0052] With such a composition, in addition to the effect of a 1st embodiment,
cipher processing on the client side is unnecessary in the user authentication
procedure as well, and a single sign-on type authentication method and
authentication system are obtained in which the data processing of attestation
presentation information and the data processing of presentation information
can be made common.
[0053] (A 3rd embodiment) As shown in drawing 3, in the authentication system
of a 3rd embodiment, the random number for attestation generated by the client
means 21 is shared between the client means 21 and the authentication server
means 22 as the confidential information 24.

[0054] In this system, in a user authentication procedure, the authentication
server means 22 generates a random number, shows it, and requires attestation
presentation information of the client means 21. The client means 21 sends to
the authentication server means 22, as the attestation presentation information
23, the exclusive OR of two values: the result of performing the irreversible
arithmetic operation f once on the concatenation of the password PW and the
random number R obtained from the authentication server means 22, and the
confidential information 24 which the client means 21 generated in secrecy. In
drawing 3, the sign "@" shows the exclusive OR (EXOR) operation.
[0055] On the other hand, the authentication server means 22 calculates back
from the attestation presentation information 23, the password PW, and the
random number R, and obtains the confidential information 25. The irreversible
arithmetic operation f is then performed n times on this confidential
information 25, the result of the operation is made the collation information,
and the authentication ticket 5 to which the attestation child is added is
returned to the client means 21. The client means 21 holds this in order to use
it in a use approval procedure.
[0056] Supposing a third party who is not the legitimate user makes up the
attestation presentation information 23 arbitrarily, even if that client means
21 can obtain the authentication ticket 5, it does not know the confidential
information 25 which the server calculated back from the attestation
presentation information 23 using the password PW and the random number R.
Therefore, the unjust access can be eliminated in the following use approval
procedure.
[0057] In the use approval procedure between the client means 21 and the
approval server means 3, the result obtained when the client means 21 performs
the irreversible arithmetic operation f n-k times on the confidential
information 24 (k is the use count of the authentication ticket in the use
approval procedure) is used as the presentation information 6. As long as the
irreversible arithmetic operation f has sufficiently safe irreversibility,
result length, and randomness, a third party who does not know the confidential
information 24 cannot calculate this presentation information 6, so this
presentation information 6 shows that the sender is a valid user who knows the
confidential information 24. Since the number of times the irreversible
arithmetic operation f is applied in the presentation information goes back
toward earlier stages with each use, the following presentation information
cannot be calculated from this presentation information 6 either, and there is
no necessity for encryption.

[0058] The client means 21 sends this presentation information 6 to the
approval server means 3 together with the authentication ticket 7 which it
holds. The approval server means 3 verifies the attestation child which the
authentication ticket 7 includes, checks that the result of performing the
irreversible arithmetic operation f k times on the presentation information 6
agrees with the collation information which the authentication ticket 7
includes, and if it admits these as just, returns the notice 8 of approval.



[0059] By this method, the client means 21 can obtain use approval up to n
times using the authentication ticket 7, without revealing the confidential
information 24 and the password PW to a third party including the approval
server means 3.
[0060] Thus, in the authentication system of this embodiment, an authentication
server means generates a random number in a user authentication procedure,
shows it, and requires attestation presentation information of a client means.
Attestation presentation information is the EXCLUSIVE-OR-operation result of
two values: the result of performing the predetermined irreversible arithmetic
operation once or more on the concatenation of the user authentication
information and said random number, and the random number for attestation
(confidential information) which the client means generated. This confidential
information is calculated back from the attestation presentation information by
the authentication server means.
[0061] With such a composition, the collation information which an
authentication ticket includes becomes unrelated to user authentication
information. Therefore, a safer single sign-on type authentication method and
authentication system are obtained, in which there is not even a possibility
that user authentication information will be guessed from an authentication
ticket.

[0062] (A 4th embodiment) A 4th embodiment explains the concrete communication
procedure in the authentication system of a 2nd embodiment and the block
configuration of each means that performs it.

[0063] Drawing 4 is a protocol sequence diagram showing the protocol in this
system. In drawing 4, 31 is the client means which has a user interface, 32 is
the authentication server means which performs user authentication, and 33 is
the approval server means which judges an access permission and performs use
approval, and the sign "S (K|-)" shows the attestation child attachment
function which used the key K.

[0064] In the user authentication procedure between the client means 31 and the
authentication server means 32, first, the client means 31 sends to the
authentication server means 32 the authentication demand Authenticate Request
301, accompanied by the user-identification child UID and the server identifier
SID which were inputted via the user interface. At this time, the
authentication demand Authenticate Request 301 may also be accompanied by the
number of times n of effective of the authentication ticket. When it is not,
the authentication server simply defines a fixed number of times n of effective.
[0065] On the other hand, the authentication server means 32 returns the
attestation challenge Challenge 302, accompanied by the random number RO
generated so that it differs each time. The client means 31 which received this
returns the attestation challenge answer Response 303, accompanied by the
result of applying n+1 stages of the hash operation H to the concatenation of
the password PW, which was inputted via the user interface, and the random
number RO. On the other hand, the authentication server means 32 compares the
n+1-stage hash operation result in the challenge answer Response 303 with the
n+1-stage hash operation result which it computed itself, and if they agree, it
admits the request as just and returns the authentication ticket Ticket 304, in
which the attestation child is added to the newly generated ticket identifier
TID, the n+1-stage hash operation result, the time stamp TSO, the server
identifier SID, and the publisher identifier IID which shows the authentication
server 32 itself. The client means 31 holds this in order to use it in a use
approval procedure.

[0066] In the use approval procedure between the client means 31 and the
approval server means 33, the client means 31 sends the approval demand
Authorize Request and the authentication ticket Ticket 305 to the approval
server means 33. At this time, the approval demand Authorize Request may also
be accompanied by the user-identification child UID. On the other hand, the
approval server means 33 returns the approval challenge Challenge 306,
accompanied by the value k based on the use count of this authentication
ticket. The client means 31 which received this returns the approval challenge
answer Response 307, accompanied by the result of applying n-k+1 stages of the
hash operation H to the concatenation of the password PW and the random number
RO.
[0067] As long as this hash operation H has sufficiently safe one-wayness,
result length, and randomness, a third party who does not know the password PW
and the random number RO cannot calculate this hash operation result, so this
hash operation result shows that the sender is a valid user who knows the
password PW. Since the number of stages of the hash operation H goes back
toward earlier stages with each use, the following hash operation result cannot
be calculated from this hash operation result either, and there is no necessity
for encryption. As such a hash operation H, algorithms such as MDJI and SHA can
be used, for example.

[0068] On the other hand, the approval server means 32 further performs k
stages of the hash operation on the n-k+1-stage hash operation result in the
approval challenge answer Response 307, compares the result with the n+1-stage
hash operation result in the authentication ticket Ticket, and if they agree,
admits the request as just and returns the notice of approval Result 308. At
this time, the notice 308 of approval may simultaneously be accompanied by the
information Info to which access was permitted by the use approval.

[0069] By the above protocol sequence, the client means 31 can obtain use
approval up to n times using the authentication ticket 304, without revealing
the password PW to a third party including the approval server means 33.
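The exchange of paragraphs [0064] to [0069], as an added example that is not part of the patent text: it walks one ticket through login, n uses, a replayed answer and exhaustion. SHA-256 for H, HMAC-SHA-256 under a key shared by the two servers for the attestation child, the JSON ticket encoding, and all class, function and field names are assumptions; the use is consumed when the challenge is issued, as described in [0089].

```python
import hashlib, hmac, json, os, time

def H(data: bytes) -> bytes:
    """Hash operation H (SHA-256 is an assumption made for this example)."""
    return hashlib.sha256(data).digest()

def multi_hash(value: bytes, stages: int) -> bytes:
    """Multi stage hash means: apply H `stages` times."""
    for _ in range(stages):
        value = H(value)
    return value

def attestation_child(key: bytes, fields: dict) -> str:
    """S(K|.) realized as HMAC-SHA-256 over canonical JSON (assumption)."""
    body = json.dumps(fields, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

class AuthServer:
    def __init__(self, iid, key, passwords):
        self.iid, self.key, self.passwords = iid, key, passwords
        self.challenges, self.next_tid = {}, 1

    def challenge(self, uid):                      # Challenge 302
        self.challenges[uid] = os.urandom(16)      # fresh random number per login
        return self.challenges[uid]

    def issue(self, uid, sid, n, response):        # Response 303 -> Ticket 304
        rnd, pw = self.challenges.pop(uid, None), self.passwords.get(uid)
        if rnd is None or pw is None:
            return None
        expected = multi_hash(pw + rnd, n + 1)     # n+1 stages over PW || random
        if not hmac.compare_digest(expected, response):
            return None
        fields = {"TID": self.next_tid, "collation": expected.hex(), "n": n,
                  "TS": time.time(), "SID": sid, "IID": self.iid}
        self.next_tid += 1
        return {**fields, "tag": attestation_child(self.key, fields)}

class ApprovalServer:
    def __init__(self, sid, key, max_age=8 * 3600):
        self.sid, self.key, self.max_age = sid, key, max_age
        self.remaining, self.pending = {}, {}      # ticket list, open challenges

    def challenge(self, ticket, now=None):         # Ticket 305 -> Challenge 306
        now = time.time() if now is None else now
        fields = {f: v for f, v in ticket.items() if f != "tag"}
        if not hmac.compare_digest(attestation_child(self.key, fields),
                                   ticket.get("tag", "")):
            return None                            # altered or foreign ticket
        if ticket["SID"] != self.sid or not 0 <= now - ticket["TS"] <= self.max_age:
            return None                            # wrong server or expired
        tid = (ticket["IID"], ticket["TID"])
        left = self.remaining.setdefault(tid, ticket["n"])
        if left == 0:
            return None                            # all n uses are spent
        self.remaining[tid] = left - 1             # use consumed at challenge time
        k = ticket["n"] - self.remaining[tid]      # use count k, from 1 to n
        self.pending[tid] = (k, bytes.fromhex(ticket["collation"]))
        return k

    def verify(self, ticket, response):            # Response 307 -> Result 308
        k, collation = self.pending.pop((ticket["IID"], ticket["TID"]), (None, None))
        if k is None:
            return False
        return hmac.compare_digest(multi_hash(response, k), collation)

class Client:
    def __init__(self, uid, password):
        self.uid, self.password, self.secret = uid, password, None

    def login(self, auth, sid, n):
        rnd = auth.challenge(self.uid)
        self.secret = H(self.password + rnd)       # kept in the secret memory
        return auth.issue(self.uid, sid, n, multi_hash(self.secret, n))

    def present(self, ticket, k):
        # n-k further stages on the stored first-stage value: n-k+1 in total
        return multi_hash(self.secret, ticket["n"] - k)

def demo(n=3):
    key = os.urandom(32)                           # constructed shared key
    auth = AuthServer("auth-1", key, {"alice": b"constructed-password"})
    appr = ApprovalServer("files", key)
    client = Client("alice", b"constructed-password")
    ticket = client.login(auth, "files", n)
    log = []
    first = client.present(ticket, appr.challenge(ticket))
    log.append(appr.verify(ticket, first))         # use 1 with the right answer
    appr.challenge(ticket)                         # use 2 ...
    log.append(appr.verify(ticket, first))         # ... answered with a replay
    k = appr.challenge(ticket)
    log.append(appr.verify(ticket, client.present(ticket, k)))   # use 3
    log.append(appr.challenge(ticket))             # no use left
    return log

if __name__ == "__main__":
    print(demo())
```

`demo()` returns `[True, False, True, None]`: the answer for k=1 fails when replayed at k=2 because two further stages overshoot the collation value. At k=n the answer is the stored first-stage value itself, which is acceptable only because the ticket is exhausted at that point.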
[0070] The composition of an authentication system with such a protocol
sequence is explained with reference to the functional block diagram of
drawing 5.
[0071] In drawing 5, 31 is a client means which has a user interface, 32 is an
authentication server means which performs user authentication, and 33 is an
approval server means which judges an access permission and performs use
approval.

[0072] The client means 31 is provided with the following.

The 1st transmission and reception means 311 that transmits and receives data.

The input means 312 which obtains the input from a user.

A hash means 313 to concatenate two inputs and to perform the hash operation H.

The ticket holding mechanism 314 which holds the received authentication ticket.

The processing selecting means 315 which chooses processing according to the
holding state of an authentication ticket.

The secret memory measure 316 which memorizes a hash operation result in secrecy.

A multi stage hash means 317 to perform the hash operation for the given number
of stages, or for the number of stages given by the difference of two given
numerical values.

[0073] According to the kind of communication network, the 1st transmission and
reception means 311 comprises, for example, LAN interface devices such as a LAN
card, ISDN interface devices such as a terminal adapter, telephone interfacing
units such as a modem, wireless interface devices such as a portable data
communication card and a PIAFS card, infrared ray interface devices such as an
IrDA module, etc., and it may also be composed so as to use several of these
selectively according to the communications partner. The input means 312
comprises, for example, character input devices such as a keyboard and a ten
key, pointing devices such as a mouse, a trackball, and a pen tablet, selection
buttons, a combination of a dial and a display screen, or a touch panel. The
hash means 313 is constituted, for example, by combining a logic circuit and
the arithmetic circuit incorporating the algorithm of the hash operation H. For
the ticket holding mechanism 314, a memory circuit is used, for example. A
logic circuit can be used for the processing selecting means 315, for example.
The secret memory measure 316 is constituted, for example, by a memory device
with tamper-proof nature, such as an IC card. The multi stage hash means 317 is
constituted, for example, by adding to the arithmetic circuit which
incorporates the algorithm of the hash operation H a connection which feeds
back its output, a counter which counts the number of stages, an arithmetic
circuit which computes the difference of numerical values, etc. Each
above-mentioned means may be realized using a computer program on a
microcomputer or a general purpose computer. Or the computer program may be
recorded on a program recording medium in a readable form and realized by a
composition combined with a program-recording-medium reader.
[0074] The authentication server means 32 is provided with the following.
The 2nd transmission and reception means 321 that transmits and receives data.
The attestation time check means 322 which clocks current time.
The authentication information storage means 323 which accumulates user
authentication information such as a password.

The random number generating means 324 which generates a random number for
every user authentication processing.
The 2nd multi stage hash means 325 which performs the hash operation H for one
more stage than the given number of times.
The attestation collation means 326 which carries out comparative collation of
the two multi stage hash values.
The ticket identifier creating means 327 which generates a unique ticket
identifier for every authentication ticket issue.
The attestation child addition means 328 which generates and adds the
attestation child to an authentication ticket.



[0075] According to the kind of communication network, the 2nd transmission and
reception means 321 comprises, for example, LAN interface devices such as a LAN
card, ISDN interface devices such as a terminal adapter, telephone interfacing
units such as a modem, wireless interface devices such as a portable data
communication card and a PIAFS card, infrared ray interface devices such as an
IrDA module, etc. For the attestation time check means 322, a timer counter is
used, for example. The authentication information storage means 323 comprises a
mass memory device, and it is better still if it is a memory device with
tamper-proof nature. The random number generating means 324 comprises, for
example, an arithmetic circuit which incorporates a random number generation
algorithm, or an inverter which turns electromagnetic noise into data. The 2nd
multi stage hash means 325 is constituted, for example, by adding to the
arithmetic circuit which incorporates the algorithm of the hash operation H a
connection which feeds back its output, a counter which counts the number of
stages, etc. The attestation collation means 326 comprises a comparison
circuit, for example. The ticket identifier creating means 327 comprises, for
example, a counter circuit with sufficient bit length. The attestation child
addition means 328 comprises the arithmetic circuit and memory circuit
incorporating an attestation child generation algorithm. Each above-mentioned
means may be realized using a computer program on a microcomputer or a general
purpose computer. Or the computer program may be recorded on a program
recording medium in a readable form and realized by a composition combined with
a program-recording-medium reader.

[0076] The approval server means 33 is provided with the following.
The 3rd transmission and reception means 331 that transmits and receives data.
The approval time check means 332 which clocks current time.
The attestation child verifying means 333 which verifies the attestation child
added to the authentication ticket.

The ticket effective judging means 334 which performs the validity judging of
an authentication ticket.
The ticket use management tool 335 which manages the remaining number of times
of available from the ticket identifier and the number of times of effective of
an authentication ticket.
The 3rd multi stage hash means 336 that performs the hash operation H for the
given number of stages.
The approval collation means 337 which carries out comparative collation of the
two multi stage hash values.

[0077] According to the kind of communication network, the 3rd transmission and
reception means 331 comprises, for example, LAN interface devices such as a LAN
card, ISDN interface devices such as a terminal adapter, telephone interfacing
units such as a modem, wireless interface devices such as a portable data
communication card and a PIAFS card, infrared ray interface devices such as an
IrDA module, etc. For the approval time check means 332, a timer counter is
used, for example. The attestation child verifying means 333 comprises the
arithmetic circuit and memory circuit incorporating an attestation child
verification algorithm. The ticket effective judging means 334 is constituted
by a combination of comparison circuits, for example. The ticket use management
tool 335 is constituted by the combination of an arithmetic circuit which
calculates the using frequency and a mass memory device. The 3rd multi stage
hash means 336 consists, for example, of the same arithmetic circuit as the 2nd
multi stage hash means 325, with the preset value of the counter changed. The
approval collation means 337 comprises a comparison circuit, for example. Each
above-mentioned means may be realized using a computer program on a
microcomputer or a general purpose computer. Or the computer program may be
recorded on a program recording medium in a readable form and realized by a
composition combined with a program-recording-medium reader.
[0078] The operation of the authentication method and authentication system
constituted as mentioned above is explained below with reference to drawing 6.
Here, the case where the authentication demand Authenticate Request 301 is
accompanied by the number of times n of effective of the authentication ticket
is explained.

[0079] First, in the client means 31, the user-identification child UID which
shows the user, the password PW for user authentication registered beforehand
in the authentication server means 32, the server identifier SID of the object
for which use approval is to be obtained, and the number of times n of
effective of an authentication ticket are inputted into the input means 312 as
the user input 300 (ST3101, ST3104). The input means 312 holds the user input
300 temporarily, and takes out the server identifier 3101 and sends it to the
ticket holding mechanism 314. The ticket holding mechanism 314 searches for the
authentication ticket data corresponding to the server identifier 3101
(ST3102), and sends the notice 3102 of search results to the processing
selecting means 315. When the notice 3102 of search results shows non-**, the
processing selecting means 315 sends the user authentication processing
starting information 3103 to said input means 312 and the multi stage hash
means 317, and when it shows owner ** (ST3103), it sends the use approval
procedure starting information 3104 to said ticket holding mechanism 314, the
secret memory measure 316, and the multi stage hash means 317.

[0080] When the user authentication starting information 3103 is given, said
input means 312 sends the group 3105 of the user-identification child, the
server identifier, and the number of times of effective, taken out from the
temporarily held user input 300, to the authentication server means 32 as the
authentication demand Authenticate Request 301 via the 1st transmission and
reception means 311 (ST3105), sends the number of times 3106 of effective to
the multi stage hash means 317, and sends the password 3107 to the hash means
313.
[0081] In the authentication server means 32, the authentication demand
Authenticate Request 301 is received by the 2nd transmission and reception
means 321. The taken-out user-identification child 3201 is sent to the
authentication information storage means 323, the number of times 3202 of
effective is sent to the 2nd multi stage hash means 325 and the attestation
child addition means 328, and the server identifier 3203 is sent to the
attestation child addition means 328 (ST3201). The authentication information
storage means 323 searches for the password corresponding to the
user-identification child 3201 (ST3202); if there is one (ST3203), it sends the
password 3204 to the 2nd multi stage hash means 325, and it sends the notice
3205 of search results to the random number generating means 324 and the 2nd
multi stage hash means 325.

[0082] When the notice 3205 of search results shows owner **, the random number
generating means 324 newly generates, at random, the challenge random number
3206 for data disturbance, sends it to the 2nd multi stage hash means 325, and
sends it to the client means 31 as the attestation challenge Challenge 302 via
the 2nd transmission and reception means 321 (ST3204). When the notice 3205 of
search results shows owner **, the 2nd multi stage hash means 325 performs the
hash operation H, for one more stage than the number of times 3202 of
effective, on the concatenation of the password 3204 and the challenge random
number 3206, and sends the resulting multi stage hash value 3207 to the
attestation collation means 326 (ST3205).

[0083] On the other hand, in the client means 31, the attestation challenge
Challenge 302 is received by the 1st transmission and reception means 311, and
the challenge random number 3108 is taken out and sent to the hash means 313
(ST3106). The hash means 313 performs the hash operation H on the concatenation
of the password 3107 and the challenge random number 3108 (ST3107), and sends
the resulting hash value 3109 to the secret memory measure 316 and the multi
stage hash means 317. The secret memory measure 316 memorizes the hash value
3109 in secrecy, and permits only predetermined access, i.e., addition and
renewal in a user authentication procedure and reference in a use approval
procedure (ST3108). When the user authentication procedure starting information
3103 is given, the multi stage hash means 317 performs the hash operation H,
for the number of stages equal to the number of times 3106 of effective, on the
hash value 3109 (ST3109), and sends the resulting multi stage hash value 3114
to the authentication server means 32 as the attestation challenge answer
Response 303 via the 1st transmission and reception means 311 (ST3110).
[0084] On the other hand, in the authentication server means 32, the
attestation challenge answer Response 303 is received by the 2nd transmission
and reception means 321, and the multi stage hash value 3208 is taken out and
sent to the attestation collation means 326 (ST3206). The attestation collation
means 326 performs the coincidence decision of the multi stage hash value 3207
and the multi stage hash value 3208 (ST3207), sends the collated result 3209 to
the ticket identifier creating means 327, and sends the multi stage hash value
3208 as it is to the attestation child addition means 328 as the multi stage
hash value 3210. When the collated result 327 shows coincidence, the ticket
identifier creating means 327 generates the effective ticket identifier 3212
and sends it to the attestation child addition means 328 (ST3208).

[0085] The attestation time check means 322 clocks current time and supplies
the time stamp 3211 based on current time to the attestation child addition
means 328. The attestation child addition means 328 concatenates the ticket
identifier 3212, the multi stage hash value 3210, the number of times 3202 of
effective, the time stamp 3211, the server identifier 3203, and the publisher
identifier which shows the authentication server 32 itself, generates an
attestation child for these and adds it to make the authentication ticket data
3213 (ST3209), and sends this to the client means 31 as the authentication
ticket Ticket 304 via the 2nd transmission and reception means 321 (ST3210).
[0086] On the other hand, in the client means 31, the authentication ticket
Ticket 304 is received by the 1st transmission and reception means 311, and the
authentication ticket data 3110 is taken out and sent to said ticket holding
mechanism 314 (ST3111). Said ticket holding mechanism 314 holds the
authentication ticket data 3110 in association with the server identifier 3101
(ST3112), and when the use approval procedure starting information 3104 is
given, it sends the authentication ticket data 3111 to the approval server
means 33 via the 1st transmission and reception means 311, as the
authentication ticket Ticket 305 with the approval demand Authorize Request
(ST3113). It also takes out the number of times 3112 of effective from the
authentication ticket data and sends it to the multi stage hash means 317.

[0087] On the other hand, in the approval server means 33, the approval demand
Authorize Request accompanied by the authentication ticket Ticket 305 is
received by the 3rd transmission and reception means 331, and the
authentication ticket data 3301 is taken out and sent to the attestation child
verifying means 333 (ST3301). The attestation child verifying means 333
verifies the consistency between the attestation child of the authentication
ticket data 3301 and the data portion other than the attestation child, and
sends the verification result 3304 to the ticket effective judging means 334
(ST3304). It also takes out from the data portion the time stamp 3302 and the
server identifier 3303 and sends them to the ticket effective judging means
334, and takes out the ticket identifier 3305, the multi stage hash value 3306,
the number of times 3307 of effective, and the publisher identifier 3308 and
sends them to the ticket use management tool 335.

[0088] The approval time check means 332 clocks current time and supplies the
time stamp 3309 based on current time to the ticket effective judging means
334. When the verification result 3304 shows no error (ST3305), the ticket
effective judging means 334 performs the coincidence decision of the server
identifier 3303 and its own server identifier held inside (ST3302, ST3303),
confirms that the difference between the time stamp 3302 and the time stamp
3309 based on current time is within the limits of the predetermined term of
validity (ST3306, ST3307), and when all are true, sends the ticket effective
notice 3310 to the ticket use management tool 335. If this term of validity is
set short, security improves but user convenience falls; if it is set long,
user convenience improves but security falls, so it should be defined taking
this balance into consideration. For example, for a business-use system which
does not demand severe security, 8 to 12 hours, which can cover the office
hours of one day, is sufficient. However, at the shortest, it is necessary to
cover the time corresponding to the exchange between the client and the server
and the time error between the respective time check means.

[0089]The ticket use management tool 335 manages a ticket list. When the ticket
effective notice 3310 is given, it searches the ticket list and investigates
whether the ticket identifier 3305 is already registered as in use (ST3308). If
there is no applicable entry, a group consisting of the ticket identifier 3305,
the number of times 3307 of effective, and the number of times 3307 of effective
again as the value which shows the remaining number of times available is added
to the ticket list and memorized (ST3309, ST3310). At this time, the multi stage
hash value 3306 and the publisher identifier 3308 may be memorized together with
it. For this added group, or for the entry found by the search, the ticket use
management tool 335 reduces the remaining number of times available by one and
obtains the using frequency 3311 as the difference between the number of times
of effective and the remaining number of times available (ST3311). While sending
this to the client means 31 as approval challenge Challenge306 via the 3rd
transmission and reception means 331 (ST3312), it sends it also to the 3rd multi
stage hash means 336. The multi stage hash value 3306 is sent as it is to the
approval collation means 337 as the multi stage hash value 3312.
[0090]On the other hand, in the client means 31, it is received by the 1st
transmission and reception means 311, the using frequency 3115 is taken out, and
approval challenge Challenge306 is sent to the multi stage hash means 317
(ST3114). When the use approval procedure starting information 3104 is given, the
multi stage hash means 317 obtains the hash value 3113 from said secret memory
measure 316 (ST3115), and performs on the hash value 3113 hash operation H of the
number of stages equivalent to the difference of the number of times 3112 of
effective and the using frequency 3115 (ST3116). The resulting multi stage hash
value 3116 is sent to the approval server means 33 as approval challenge answer
Response307 via the 1st transmission and reception means 311 (ST3117).

[0091]As long as hash operation H is sufficiently safe, that is, has one-way
nature, length of result, and random nature, a third party who does not know the
password PW and the random number RO cannot calculate this multi stage hash value
3116. This multi stage hash value 3116 therefore shows that the sender is a valid
user who knows the password PW. Since a multi stage hash value has had more
stages of hash operation H performed on it the further back in the past it was
used, the following multi stage hash value also cannot be calculated from this
multi stage hash value 3116, and there is no necessity for encryption. Generally
hash operation is supposed to be 100 or more times as fast as cipher operation,
and if the number of stages is suitable, it can be processed at higher speed than
the case where a cipher is used.

[0092]On the other hand, in the approval server means 33, it is received by the
3rd reception means 331, the multi stage hash value 3313 is taken out, and
approval challenge answer Response307 is sent to the 3rd multi stage hash means
336 (ST3313). The 3rd multi stage hash means 336 performs hash operation H of the
number of stages equivalent to the using frequency 3311 on the multi stage hash
value 3313, and sends the resulting secondary multi stage hash value 3314 to the
approval collation means 337 (ST3314). The approval collation means 337 performs
the coincidence decision of the multi stage hash value 3312 and the secondary
multi stage hash value 3314 (ST3315, ST3316). If it is true, the notice 3315 of
approval is sent to the client means 31 as notice of approval Result308 via the
3rd transmission and reception means 331 (ST3317), and it is received in the
client means 31 (ST3118). By this method, the client means 31 can obtain use
approval up to n times using the authentication ticket 305, without revealing the
password PW to a third party including the approval server means 33.
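
The use approval exchange of paragraphs [0089] to [0092] is sketched below as an added example; it is not code from the patent. SHA-256 standing in for hash operation H, the dictionary layout of the ticket, and all class and function names are assumptions, and the password and random number are constructed values.

```python
import hashlib
import hmac


def H(value: bytes) -> bytes:
    """One stage of hash operation H (SHA-256 is an assumption; the page names none)."""
    return hashlib.sha256(value).digest()


def multi_stage_hash(value: bytes, stages: int) -> bytes:
    """Apply H `stages` times; zero stages returns the input unchanged."""
    if stages < 0:
        raise ValueError("negative number of stages")
    for _ in range(stages):
        value = H(value)
    return value


class Client:
    """Client means: keeps the hash value secret and answers approval challenges."""

    def __init__(self, secret_hash: bytes, n: int):
        self.secret_hash = secret_hash   # stands in for the secret memory
        self.n = n                       # number of times the ticket is effective

    def respond(self, k: int) -> bytes:
        # Response = H applied (n - k) times to the secret hash value.
        if not 1 <= k <= self.n:
            raise ValueError("using frequency outside 1..n")
        return multi_stage_hash(self.secret_hash, self.n - k)


class ApprovalServer:
    """Approval server means: ticket list plus the k-stage comparison."""

    def __init__(self):
        self.ticket_list = {}            # ticket identifier -> remaining uses

    def challenge(self, ticket: dict):
        """Return the using frequency k for this request, or None when used up."""
        remaining = self.ticket_list.setdefault(ticket["id"], ticket["n"])
        if remaining <= 0:
            return None
        # As in [0089], the count is reduced when the challenge is issued,
        # so a failed response still consumes one use.
        self.ticket_list[ticket["id"]] = remaining - 1
        return ticket["n"] - (remaining - 1)

    def verify(self, ticket: dict, k: int, response: bytes) -> bool:
        """Hash the response k more stages and compare with the ticket value."""
        return hmac.compare_digest(multi_stage_hash(response, k), ticket["chain"])


def run_session(n: int = 3) -> dict:
    """Use a constructed ticket n times, then try a replay and an (n+1)th use."""
    secret_hash = H(b"constructed-password" + b"constructed-random-number")
    ticket = {"id": "ticket-1", "n": n, "chain": multi_stage_hash(secret_hash, n)}
    client, server = Client(secret_hash, n), ApprovalServer()
    seen, approvals = [], []             # `seen` is what a listener on the wire observes
    for _ in range(n):
        k = server.challenge(ticket)
        response = client.respond(k)
        seen.append((k, response))
        approvals.append(server.verify(ticket, k, response))
    return {
        "approvals": approvals,
        "ks": [k for k, _ in seen],
        # The response captured at k=1, presented when the server expects k=2.
        "replay_accepted": server.verify(ticket, 2, seen[0][1]),
        # A later response hashes forward to the earlier one, never the reverse.
        "later_reveals_earlier": H(seen[1][1]) == seen[0][1],
        "extra_use": server.challenge(ticket),
    }
```

Because k only increases, every response seen so far is a hash of the next one, which is why a captured response is useless for the following request.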

[0093]Although the above explanation used a composition which calculates a multi
stage hash value in the client means 31 at every use approval procedure, a
composition is also possible which precomputes the multi stage hash values of all
the numbers of stages at the time of acquisition of an authentication ticket and
memorizes them in the secret memory measure 316. In that case, although a
larger-capacity tamper-proof memory device needs to be used as the secret memory
measure 316, processing time for every use approval procedure can be shortened
further.

[0094]Next, in the authentication system of a 4th embodiment shown in drawing 5,
the detailed example of composition and operation of the attestation child
addition means 328 at the time of using a message authorization code as an
attestation child and the attestation child verifying means 333 are explained
with reference to drawing 7 and drawing 8.

[0095]The attestation child addition means 328 is provided with the following, as
shown in drawing 7.
The self-identifier storage means 328A in which the identifier which shows the
authentication server itself is remembered.
Data connecting mechanism 328B which connects data.
A connection data hash means 328C to perform hash operation h.
The server common key memory measure 328D which memorizes, as a secret, the
server common key held in common with authentication server means 31 and approval
server means 32, the common key system cryptographer stage 328E which performs
cipher processing of a common key system, and attestation child connecting
mechanism 328F which connects an attestation child with data.

[0096]This self-identifier storage means 328A comprises a memory, for example.
The data connecting mechanism 328B can consist of logic circuits, for example. The
connection data hash means 328C comprises an arithmetic circuit which
incorporated the algorithm of hash operation h, for example. Hash operation h may
be the same as hash operation H, or may differ here. The server common key memory
measure 328D comprises a memory, for example, and it is better still if it is a
memory device with tamper-proof nature. The common key system cryptographer stage
328E comprises the arithmetic circuit or cipher-processing exclusive processor
which incorporated the cryptographic algorithm, for example. As a cryptographic
algorithm, DES, Triple DES, etc. can be used here, for example. The attestation
child connecting mechanism 328F comprises a logic circuit, for example.

[0097]As shown in drawing 8, the attestation child verifying means 333 is
provided with the attestation child separating mechanism 333A which separates an
attestation child from data, the 2nd connection data hash means 333B that performs
hash operation h, the 2nd server common key memory measure 333C that memorizes, as
a secret, the server common key held in common with authentication server means 31
and approval server means 32, the 2nd common key system cryptographer stage 333D
that performs cipher processing of a common key system, the data separation means
333E which carries out division separation of the data division, the publisher
identifier collation means 333F which compares a publisher identifier, and the
comparison means 333G which carries out comparison verification of the message
authorization code.

[0098]This attestation child separating mechanism 333A comprises a logic circuit,
for example. The 2nd connection data hash means 333B, the 2nd server common key
memory measure 333C, and the 2nd common key system cryptographer stage 333D are
constituted like 328C, 328D, and 328E in drawing 7, respectively. The data
separation means 333E comprises a logic circuit, for example. The publisher
identifier collation means 333F comprises a memory circuit and a comparison
circuit, for example. The comparison means 333G is constituted by the combination
of a comparison circuit, for example. Each above-mentioned means may be realized
using a computer program on a microcomputer or a general purpose computer. Or the
computer program may be recorded on a program recording medium in readable form,
and the means may be realized by a composition combined with a
program-recording-medium reader.

[0099]Operation of the attestation child addition means 328 constituted as
mentioned above and the attestation child verifying means 333 is explained. In the
attestation child addition means 328, the identifier which shows the
authentication server itself is first supplied to the data connecting mechanism
328B from the self-identifier storage means 328A as the publisher identifier 328a.
The data connecting mechanism 328B arranges and connects, in a predefined order,
the number of times 3202 of effective and the server identifier 3203 acquired from
the 2nd transmission and reception means 321, the multi stage hash value 3210
obtained from the attestation collation means 326, the time stamp 3211 obtained
from the attestation time check means 322, the ticket identifier 3212 obtained
from the ticket identifier creating means 327, and the publisher identifier 328a
obtained from the self-identifier storage means 328A, and sends the result to the
connection data hash means 328C and the attestation child connecting mechanism
328F as the data division 328b.
[0100]The connection data hash means 328C performs hash operation h on the data
division 328b, and sends the resulting hash value 328c to the common key system
cryptographer stage 328E. The common key system cryptographer stage 328E obtains
the server common key 328d from the server common key memory measure 328D, uses
this as an encryption key, enciphers the hash value 328c, and sends it to the
attestation child connecting mechanism 328F as the message authorization code
328e. The attestation child connecting mechanism 328F connects the message
authorization code 328e with the data division 328b, and outputs the
authentication ticket data 3213.

[0101]In the attestation child verifying means 333, the authentication ticket data
3301 is first inputted into the attestation child separating mechanism 333A. It
separates into the message authorization code 333a and the data division 333b, and
the message authorization code 333a is sent to the comparison means 333G, and the
data division 333b is sent to the 2nd connection data hash means 333B and the data
separation means 333E, respectively. The 2nd connection data hash means 333B
performs hash operation h on the data division 333b, and sends the resulting hash
value 333c to the 2nd common key system cryptographer stage 333D. The 2nd common
key system cryptographer stage 333D obtains the server common key 333d from the
2nd server common key memory measure 333C, uses this as an encryption key,
enciphers the hash value 333c, and sends it to the comparison means 333G as the
message authorization code 333e for comparison. The data separation means 333E
separates the data division 333b into the time stamp 3302, the server identifier
3303, the ticket identifier 3305, the multi stage hash value 3306, the number of
times 3307 of effective, and the publisher identifier 3308 and outputs them, and
also sends the publisher identifier 3308 to the publisher identifier collation
means 333F. The publisher identifier collation means 333F compares whether the
publisher identifier 3308 is an identifier of the authentication server 32, and
sends the collated result 333f to the comparison means 333G. The comparison means
333G outputs the verification result 3304 based on whether the collated result
333f shows coincidence and whether the message authorization code 333a and the
message authorization code 333e for comparison are in agreement. The verification
result 3304 shows no error when each of these is in agreement.
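
Ticket issue and verification as described in [0088] and [0099] to [0101], as an added example that is not code from the patent. HMAC-SHA-256 takes the place of the page's construction (hash h over the data division, then encipherment with DES or Triple DES under the server common key); the length-prefixed field encoding, the 60-second clock skew allowance, the function names and every sample value are assumptions.

```python
import hashlib
import hmac
import struct

MAC_LEN = 32  # HMAC-SHA-256 output length


def pack_fields(fields):
    """Join fields in a fixed order, each with a 2-byte length prefix.

    Plain concatenation would be ambiguous (b"ab" + b"c" == b"a" + b"bc"),
    so two different tickets could share one authenticator.
    """
    return b"".join(struct.pack(">H", len(f)) + f for f in fields)


def unpack_fields(data):
    """Inverse of pack_fields; rejects truncated input."""
    fields, pos = [], 0
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError("truncated length prefix")
        (length,) = struct.unpack_from(">H", data, pos)
        pos += 2
        if pos + length > len(data):
            raise ValueError("field runs past end of data")
        fields.append(data[pos:pos + length])
        pos += length
    return fields


def issue_ticket(key, timestamp, server_id, ticket_id, chain, n, publisher_id):
    """Authentication server side: build the data division, append the MAC."""
    data = pack_fields([
        struct.pack(">Q", timestamp), server_id, ticket_id,
        chain, struct.pack(">I", n), publisher_id,
    ])
    return data + hmac.new(key, data, hashlib.sha256).digest()


def verify_ticket(key, blob, own_server_id, trusted_publisher, now,
                  validity=8 * 3600, skew=60):
    """Approval server side. Returns (ok, reason, fields)."""
    if len(blob) <= MAC_LEN:
        return False, "too short", None
    data, mac = blob[:-MAC_LEN], blob[-MAC_LEN:]
    expected = hmac.new(key, data, hashlib.sha256).digest()
    # Check the authenticator before parsing anything it protects.
    if not hmac.compare_digest(mac, expected):
        return False, "authenticator mismatch", None
    try:
        ts_raw, server_id, ticket_id, chain, n_raw, publisher_id = unpack_fields(data)
        (timestamp,) = struct.unpack(">Q", ts_raw)
        (n,) = struct.unpack(">I", n_raw)
    except (ValueError, struct.error):
        return False, "malformed data division", None
    if publisher_id != trusted_publisher:
        return False, "unknown publisher", None
    if server_id != own_server_id:
        return False, "ticket is for another server", None
    # Term of validity, widened by the allowed clock error in both directions.
    if not (-skew <= now - timestamp <= validity + skew):
        return False, "outside term of validity", None
    return True, "ok", {"ticket_id": ticket_id, "chain": chain, "n": n}


# Constructed sample values, not taken from the page.
KEY = b"constructed-server-common-key-32"
ISSUED_AT = 1_700_000_000
SAMPLE = issue_ticket(KEY, ISSUED_AT, b"approval-33", b"ticket-1",
                      hashlib.sha256(b"constructed chain value").digest(), 5,
                      b"auth-32")
```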

[0102]Next, in the authentication system of a 4th embodiment of drawing 5, the
composition and operation of the attestation child addition means 328 at the time
of using a digital signature as an attestation child and the attestation child
verifying means 333 are explained with reference to drawing 9 and drawing 10.
Drawing 9 differs from drawing 7 in that, instead of the server common key memory
measure 328D and the common key system cryptographer stage 328E, the self-secret
key memory measure 328G which memorizes the public key system secret key of the
authentication server 32 itself and the public key system cryptographer stage 328H
which performs cipher processing of a public key system are formed. As the
self-secret key memory measure 328G, a memory can be used, for example, and it is
better still if it is a memory device with tamper-proof nature. As the public key
system cryptographer stage 328H, the arithmetic circuit or cipher-processing
exclusive processor which incorporated the cryptographic algorithm can be used,
for example. As a cryptographic algorithm, RSA, an elliptic curve cryptosystem,
etc. can be used here, for example.

[0103]Drawing 10 differs from drawing 8 in that, instead of the 2nd server common
key memory measure 333C, the 2nd common key system cryptographer stage 333D, and
the publisher identifier collation means 333F, the server public key accumulation
means 333H which accumulates one or more public keys of the authentication server
means 31 matched with a server identifier and the public key system decoding means
333J which performs decoding processing of a public key system code are
established, and the connection between these is changed. The server public key
accumulation means 333H may also accumulate not only the public key of the
authentication server means 32 but that of the approval server means 33. As the
server public key accumulation means 333H, a memory circuit can be used, for
example, and it is better still if it is a mass memory device. As the public key
system decoding means 333J, the arithmetic circuit or cipher-processing exclusive
processor which incorporated the decoding algorithm can be used, for example.
Needless to say, the decoding algorithm corresponding to the cryptographic
algorithm in the public key system cryptographer stage 328H is used as the
decoding algorithm here. Each above-mentioned means may be realized using a
computer program on a microcomputer or a general purpose computer. Or the computer
program may be recorded on a program recording medium in readable form, and the
means may be realized by a composition combined with a program-recording-medium
reader.
[0104]Operation of the attestation child addition means 328 constituted as
mentioned above and the attestation child verifying means 333 is explained. In the
attestation child addition means 328, operation of the self-identifier storage
means 328A, the data connecting mechanism 328B, and the connection data hash means
328C is the same as that of the case of drawing 7; the data division 328b is
supplied to the attestation child connecting mechanism 328F, and the hash value
328c is supplied to the public key system cryptographer stage 328H, respectively.
The public key system cryptographer stage 328H obtains the self-secret key 328f
from the self-secret key memory measure 328G, uses this as an encryption key,
enciphers the hash value 328c, and sends it to the attestation child connecting
mechanism 328F as the digital signature 328g. The attestation child connecting
mechanism 328F connects the digital signature 328g with the data division 328b,
and outputs the authentication ticket data 3213.

[0105]In the attestation child verifying means 333, the authentication ticket data
3301 is first inputted into the attestation child separating mechanism 333A. It
separates into the digital signature 333g and the data division 333b, and the
digital signature 333g is sent to the public key system decoding means 333J, and
the data division 333b is sent to the 2nd connection data hash means 333B and the
data separation means 333E, respectively. The 2nd connection data hash means 333B
performs hash operation h on the data division 333b, and sends the resulting hash
value 333h to the comparison means 333G. The data separation means 333E separates
the data division 333b into the time stamp 3302, the server identifier 3303, the
ticket identifier 3305, the multi stage hash value 3306, the number of times 3307
of effective, and the publisher identifier 3308 and outputs them, and also sends
the publisher identifier 3308 to the server public key accumulation means 333H.
The server public key accumulation means 333H carries out search collation of
whether the publisher identifier 3308 is an identifier of the known authentication
server 31 (or approval server 32) and sends the collated result 333i to the
comparison means 333G, and also sends the server public key 333j corresponding to
the publisher identifier 3308 to the public key system decoding means 333J.
[0106]The public key system decoding means 333J uses the server public key 333j as
a decode key, decrypts the digital signature 333g, and sends the result to the
comparison means 333G as the hash value 333k for comparison. The comparison means
333G outputs the verification result 3304 based on whether the collated result
333i shows coincidence and whether the hash value 333h and the hash value 333k for
comparison are in agreement. The verification result 3304 shows no error when each
of these is in agreement.
[0107]Thus, when an authentication system takes the composition of this
embodiment, even if a client side is a device with low computation capability, it
becomes possible to perform use approval processing in practical processing time.
[0108](A 5th embodiment) A 5th embodiment explains the concrete communication
procedure and the block configuration of each means to perform it in the
authentication system of a 3rd embodiment.

[0109]Drawing 11 is a protocol sequence diagram showing the protocol of the
authentication system in a 5th embodiment. Drawing 11 differs from drawing 4 in
the client means 41 with a user interface and the authentication server means 42
which performs user authentication, and the approval server means 33 does not
have a change. It differs in the following points. Attestation challenge answer
Response401 is accompanied by the exclusive OR result (the sign shows EXCLUSIVE OR
operation) of the result of having given 1 step of hash operation H to the
connection of the password PW inputted via the user interface and the random
number RO, and the random number SO for attestation which the client means 41
generated in secrecy. The hash operation result by which authentication tickets
Ticket402 and 403 are accompanied is the hash operation result of n stages on the
random number SO for attestation. The hash operation result by which approval
challenge answer Response404 is accompanied is the hash operation of n-k stages on
the random number SO for attestation.
[0110]By the above protocol sequences, the client means 41 can obtain use approval
up to n times using the authentication ticket 402 without revealing the password
PW to a third party including the approval server means 33. Since the contents of
the authentication ticket 402 are unrelated to the password PW, the ticket does
not even become a target of attack by an unauthorized third party for stealing the
password PW, and safety is higher.

[0111]The composition of an authentication system with such a protocol sequence is
explained referring to the functional block diagram of drawing 12.

[0112]Also in drawing 12, the client means 41 with a user interface and the
authentication server means 42 which performs user authentication differ from
drawing 5, and the approval server means 33 does not have a change. The client
means 41 differs from the client means 31 of drawing 5 in that the random number
generating means 411 for attestation which generates a random number for every
user authentication processing and the 1st exclusive OR means 412 that performs
EXCLUSIVE OR operation for every bit are established, and a part of the connection
is changed. The authentication server means 42 differs from the authentication
server means 32 of drawing 5 in that, instead of the 2nd multi stage hash means
325 and the attestation collation means 326, the 2nd hash means 421 that performs
hash operation H, the 2nd exclusive OR means 422 that performs EXCLUSIVE OR
operation for every bit, and the 2nd multi stage hash means 423 that performs hash
operation H of the given number of stages are formed, and a part of the connection
is changed. As the random number generating means 411 for attestation, the
arithmetic circuit which incorporated the random number generation algorithm, for
example, or the inverter which turns an electromagnetic noise into data can be
used. As the 1st and 2nd exclusive OR means 412 and 422, a logic circuit can be
used, for example. As the 2nd hash means 421, the arithmetic circuit which
incorporated the algorithm of hash operation H can be used, for example. The 2nd
multi stage hash means 423 can be constituted, for example, by adding to the same
arithmetic circuit as 421 a connection which feeds back the output and a counter
etc. which counts the number of stages. Each above-mentioned means may be realized
using a computer program on a microcomputer or a general purpose computer. Or the
computer program may be recorded on a program recording medium in readable form,
and the means may be realized by a composition combined with a
program-recording-medium reader.

[0113]Operation of the authentication system constituted as mentioned above is
explained referring to drawing 13. Here, the case where authentication demand
Authenticate Request301 is accompanied by the number of times n of
authentication ticket effective is explained.

[0114]First, in the client means 41 and the authentication server means 42,
operation of the 1st and 2nd transmission and reception means 311 and 321, the
input means 312, the ticket holding mechanism 314, the processing selecting means
315, the authentication information storage means 323, and the random number
generating means 324 is the same as that of the case of drawing 5 and drawing 6.
Authentication demand Authenticate Request301 and attestation challenge
Challenge302 are exchanged; in the client means 41, the user authentication
processing starting information 4101 or the use approval procedure starting
information 3104 is obtained, and in the authentication server means 42, the
number of times 4201 of effective, the server identifier 3203, the password 3204,
the notice 4202 of search results, and the challenge random number 3206 are
obtained. However, it differs in the following points. The user authentication
processing starting information 4101 is sent to said input means 312, the random
number generating means 411 for attestation, and the 1st exclusive OR means 412.
The number of times 4201 of effective is sent to the 2nd multi stage hash means
423 and the attestation child addition means 328. The notice 4202 of search
results is sent to the 2nd hash means 421, the random number generating means 324,
and the ticket identifier creating means 327. The challenge random number 3206 is
sent to the 2nd hash means 421 and is also sent to the client means 41 via the 2nd
transmission and reception means 321.

[0115]Next, in the client means 41, when the user authentication processing
starting information 4101 is given, the random number generating means 411 for
attestation newly generates, at random and in secrecy, the random number 4102 for
attestation used for proof of authentication, and sends it to the 1st exclusive OR
means 412 and the secret memory measure 316 (ST4101). The secret memory measure
316 memorizes the random number 4102 for attestation in secrecy, and permits only
predetermined access, i.e., addition and renewal in a user authentication
procedure and reference in a use approval procedure (ST4102). When the user
authentication processing starting information 4101 is given, the 1st exclusive OR
means 412 performs EXCLUSIVE OR operation for every bit between the hash value
4103 obtained from the hash means 313 and the random number 4102 for attestation.
The disturbance hash value 4104 obtained as a result is sent to the authentication
server means 42 as attestation challenge answer Response401 via the 1st
transmission and reception means 311 (ST4103, ST4104).

[0116]On the other hand, in the authentication server means 42, it is received by
the 2nd transmission and reception means 321, the disturbance hash value 4204 is
taken out, and attestation challenge answer Response401 is sent to the 2nd
exclusive OR means 422 (ST4202). Meanwhile, when the notice 4202 of search results
shows owner **, the 2nd hash means 421 performs hash operation H on the connection
of the password 3204 and the challenge random number 3206, and supplies the
resulting hash value 4203 to the 2nd exclusive OR means 422 (ST4201). The 2nd
exclusive OR means 422 performs EXCLUSIVE OR operation for every bit between the
hash value 4203 obtained from the 2nd hash means 421 and the disturbance hash
value 4204, and sends the random number 4205 for attestation obtained as a result
to the 2nd multi stage hash means 423 (ST4203). The 2nd multi stage hash means 423
performs hash operation H of a number of stages equivalent to the number of times
4201 of effective on the random number 4205 for attestation, and sends the
resulting multi stage hash value 4206 to the attestation child addition means 328
(ST4204).

[0117]Operation of the following ticket identifier creating means 327, attestation
time check means 322, and attestation child addition means 328 is the same as
that of the case of drawing 4 and drawing 5. However, it differs in that the
ticket identifier creating means 327 uses the notice 4202 of search results
instead of the collated result 3209, and in that the attestation child addition
means 328 uses the number of times 4201 of effective and the multi stage hash
value 4206 instead of the number of times 3202 of effective and the multi stage
hash value 3210. The authentication ticket data 4207, whose contents differ from
the authentication ticket data 3213, is obtained (ST4205), and it is sent to the
client means 41 as authentication ticket Ticket402 via the 2nd transmission and
reception means 321.
[0118]On the other hand, in the client means 41, said 1st transmission and
reception means 311 and said ticket holding mechanism 314 operate like the case of
drawing 5 and drawing 6. When the use approval procedure starting information
3104 is given, authentication ticket Ticket403 is sent to the approval server
means 33 with the approval demand Authorize Request, and the number of times 3112
of effective is supplied to the multi stage hash means 317.

[0119]Operation of the approval server means 33 for this is the same as that of
the case of drawing 5 and drawing 6, and approval challenge Challenge306 is
returned.

[0120]On the other hand, in the client means 41, said 1st transmission and
reception means 311 and the multi stage hash means 317 operate like the case of
drawing 5 and drawing 6. However, it is the random number 4105 for attestation
which is obtained from said secret memory measure 316 (ST4105), and processing is
performed on this. Namely, the multi stage hash means 317 performs hash operation
H of the number of stages equivalent to the difference of the number of times 3112
of effective and the using frequency 3115 (ST4106). The resulting multi stage hash
value 4106 is sent to the approval server means 33 as approval challenge answer
Response404 via the 1st transmission and reception means 311 (ST4107).

[0121]The multi stage hash value by which approval challenge answer Response404
obtained by the approval server means 33 is accompanied and the multi stage hash
value by which authentication ticket Ticket403 is accompanied differ from the case
of drawing 5 and drawing 6 only in the object of hashing, and the operation
relation between the former and the latter is maintained. Therefore, operation of
the approval server means 33 for this may be the same as that of the case of
drawing 5 and drawing 6; if it checks the relation of the two multi stage hash
values and accepts that it is correct, notice of approval Result308 is returned,
and it is received in the client means 41. By this method, without revealing the
password PW to a third party including the approval server means 33, the client
means 41 can obtain use approval up to n times using the authentication ticket
402, which is unrelated to the password PW and has higher safety.
[0122]Although the above explanation used a composition which calculates a multi
stage hash value in the client means 41 at every use approval procedure, a
composition is also possible which precomputes the multi stage hash values of all
the numbers of stages at the time of acquisition of an authentication ticket and
memorizes them in the secret memory measure 316. In that case, although a
larger-capacity tamper-proof memory device needs to be used as the secret memory
measure 316, processing time for every use approval procedure can be shortened
further.

[0123]Thus, when an authentication system takes the composition of this
embodiment, even if a client side is a device with low computation capability, it
becomes possible to perform use approval processing in practical processing time.
Since the collation information included in an authentication ticket becomes
unrelated to user authentication information, the possibility that user
authentication information will be guessed from an authentication ticket
disappears, and a single sign-on type authentication method and authentication
system with higher safety are obtained.
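
The masked exchange of the 5th embodiment ([0109], [0115], [0116]) as an added example, not code from the patent. SHA-256 for hash operation H, the function names and the sample passwords are assumptions. In this sketch a wrong password is not rejected when the ticket is issued: the server unmasks a different random number, so the ticket carries a chain the client cannot answer and every later approval fails.

```python
import hashlib
import hmac
import secrets


def H(value: bytes) -> bytes:
    """One stage of hash operation H (SHA-256 is an assumption)."""
    return hashlib.sha256(value).digest()


def multi_stage_hash(value: bytes, stages: int) -> bytes:
    """Apply H `stages` times."""
    for _ in range(stages):
        value = H(value)
    return value


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """EXCLUSIVE OR for every bit; both operands must have the same length."""
    if len(a) != len(b):
        raise ValueError("operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def client_masked_response(password: bytes, challenge: bytes, seed: bytes) -> bytes:
    """Client: H(password || challenge) XOR seed, the disturbance hash value."""
    return xor_bytes(H(password + challenge), seed)


def server_chain_value(stored_password: bytes, challenge: bytes,
                       masked: bytes, n: int) -> bytes:
    """Authentication server: unmask the seed, then hash it n stages for the ticket."""
    recovered_seed = xor_bytes(H(stored_password + challenge), masked)
    return multi_stage_hash(recovered_seed, n)


def approve(chain: bytes, k: int, response: bytes) -> bool:
    """Approval server: k more stages on the response must give the ticket value."""
    return hmac.compare_digest(multi_stage_hash(response, k), chain)


def run(typed_password: bytes, stored_password: bytes, n: int = 4) -> dict:
    """One authentication followed by n use approvals, with fresh random values."""
    challenge = secrets.token_bytes(32)      # challenge random number from the server
    seed = secrets.token_bytes(32)           # random number for attestation, hash-sized
    masked = client_masked_response(typed_password, challenge, seed)
    chain = server_chain_value(stored_password, challenge, masked, n)
    approvals = [approve(chain, k, multi_stage_hash(seed, n - k))
                 for k in range(1, n + 1)]
    return {
        "approvals": approvals,
        # True when the ticket value depends on the seed alone, not the password.
        "chain_is_seed_only": chain == multi_stage_hash(seed, n),
    }
```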

[0124](A 6th embodiment) In the authentication system of a 6th embodiment, the
authentication ticket in which using frequency was updated is sent to a client
means with the notice of approval from an approval server.
[0125]Drawing 14 is a protocol sequence diagram showing the protocol of this
authentication system. In drawing 14, the client means 51 and the approval server
means 53 differ from drawing 4, and the authentication server means 32 does not
have a change. It differs in that the updated authentication ticket Ticket501 is
sent to the client means 51 with notice of approval Result308 from the approval
server 53.

[0126]This authentication ticket Ticket501 differs from the authentication ticket
305 in the following points.

[0127]That is, the n+1-step hash operation result in the authentication ticket 305
is transposed to the n-k+1 step hash operation result (k is using frequency). The
number of times n of effective in the authentication ticket 305 is transposed to
the remaining number of times n-k available. Time stamp TSO is transposed to the
new time stamp TSk. The publisher identifier IID is transposed to the server
identifier which shows the approval server 53 itself. A new attestation child is
added.
[0128]By this method, the client means 51 can obtain use approval up to n times
using the authentication ticket 304 or the updated authentication ticket 501
without revealing the password PW to a third party including the approval server
means 53. Since the time stamp of an authentication ticket is updated each time,
the term of validity can be set shorter. Therefore, the period during which it can
become a target of attack by an unauthorized third party becomes short, and safety
is higher. Since the number of hash operations in the approval server means 53 may
be one, the response time in a use approval procedure can be shortened.
[0129]It explains referring to drawing 1 5 f or the composition with such a protocol 
sequence of an authentication system. 

[0130]In drawing 15, the client means 51 and the approval server means 53
differ from drawing 5, and the authentication server means 32 is unchanged. The
client means 51 differs from the client means 31 of drawing 5 in that it has
the ticket holding mechanism 511, which can also hold the authentication ticket
data 5101 of the authentication ticket Ticket501 from the approval server means
53. The approval server means 53 differs from the approval server means 33 of
drawing 5 in that the ticket use management tool 531 also outputs the remaining
available number of times, the 3rd hash means 532 that performs one step of
hash operation H is formed instead of the 3rd multi stage hash means 336, the
2nd attestation child addition means 533 that generates and adds the
attestation child to an authentication ticket is newly established, and a part
of the connection is changed.



[0131]As this ticket holding mechanism 511, the same composition as the ticket
holding mechanism 314 can be used with connections added. As the ticket use
management tool 531, the same composition as the ticket use management tool 335
can be used with connections added. As the 3rd hash means 532, an arithmetic
circuit incorporating the algorithm of hash operation H, for example, can be
used. As the 2nd attestation child addition means 533, the same composition as
the attestation child addition means 328 can be used. Each above-mentioned
means may be realized using a computer program on a microcomputer or a general
purpose computer. Alternatively, the computer program may be recorded on a
program recording medium in a readable form, and the means may be realized by a
composition combined with a program-recording-medium reader.

[0132]The operation of the authentication system constituted as mentioned above
is explained with reference to drawing 16. Here, the case where the
authentication demand Authenticate Request301 is accompanied by the effective
number of times n of the authentication ticket is explained.

[0133]First, the operation in the client means 51 and the authentication server
means 32 is the same as in the case of drawing 5 and drawing 6: a user
authentication procedure is performed and, eventually, the authentication
ticket Ticket304 is sent to the client means 51 from the authentication server
means 32.

[0134]On the other hand, in the client means 51, the 1st transmission and
reception means 311 operates as in the case of drawing 5 and drawing 6, and the
ticket holding mechanism 511 operates like the ticket holding mechanism 314 in
the case of drawing 5 and drawing 6. While the authentication ticket Ticket305
is sent to the approval server means 53 with the approval demand Authorize
Request, the effective number of times 3112 is taken out from the
authentication ticket data and sent to the multi stage hash means 317.

[0135]On the other hand, in the approval server means 53, the 3rd transmission
and reception means 331, the approval time check means 332, the attestation
child verifying means 333, and the ticket effective judging means 334 operate
as in the case of drawing 5 and drawing 6, and the ticket identifier 3305, the
multi stage hash value 3306, the effective number of times 3307, the publisher
identifier 3308, and the ticket effective notice 3310 are supplied to the
ticket use management tool 531. The ticket use management tool 531 operates
almost like the ticket use management tool 335 in the case of drawing 5 and
drawing 6: the using frequency 5301 is sent to the client means 51 as the
approval challenge Challenge306 via the 3rd transmission and reception means
331, and the multi stage hash value 3306 is sent as it is to the approval
collation means 337 as the multi stage hash value 5302. Furthermore, the group
5303 of the ticket identifier, the remaining available number of times, and a
server identifier is output and sent to the 2nd attestation child addition
means 533.

[0136]The operation of the client means 51 in response is the same as in the
case of drawing 5 and drawing 6, and the approval challenge answer Response307
is returned in reply to the approval challenge Challenge306.

[0137]On the other hand, in the approval server means 53, the approval
challenge answer Response307 is received by the 3rd transmission and reception
means 331, the multi stage hash value 5304 is taken out, and it is sent to the
3rd hash means 532 and the 2nd attestation child addition means 533. The 3rd
hash means 532 performs hash operation H on the multi stage hash value 5304,
and sends the secondary multi stage hash value 5305, whose number of hash
stages is increased by one, to the approval collation means 337 (ST5301). The
approval collation means 337 judges whether the multi stage hash value 5302 and
the secondary multi stage hash value 5305 coincide (ST5302, ST3316), and sends
the collated result 5307 to the 2nd attestation child addition means 533.

[0138]The approval time check means 322 keeps the current time and supplies the
time stamp 5306 based on the current time to the 2nd attestation child addition
means 533. The 2nd attestation child addition means 533 concatenates the group
5303 of the ticket identifier, the remaining available number of times, and the
server identifier, the multi stage hash value 5304, the time stamp 5306, and
the publisher identifier that indicates the approval server 53 itself,
generates and adds an attestation child, and makes the result the
authentication ticket data 5308 (ST5303), which is sent to the client means 51
as the authentication ticket Ticket501 together with the notice of approval
Result308 via the 3rd transmission and reception means 331 (ST5304).

[0139]On the other hand, in the client means 51, the authentication ticket
Ticket501 is received by the 1st transmission and reception means 311, is sent
to the ticket holding mechanism 511 and held as the authentication ticket data
5101 (ST5101, ST5102), and is used in the next use approval procedure.

[0140]In this way, the number of stages of the multi stage hash value
accompanying the authentication ticket 305 sent from the client means 51 to the
approval server means 53 decreases by one at every use approval, so the
approval server means 53 only needs to perform one step of hash operation, and
the response time can be shortened. Since the time stamp is updated, the term
of validity can be set as short as is sufficient to cover the interval between
accesses, for example 1 hour, and safety can be improved without reducing user
convenience. By this method, the client means 31 can obtain use approval up to
n times, in a shorter response time, using the authentication ticket 305 with
higher safety, without revealing the password PW to a third party, including
the approval server means 53.

[0141]Although the above explanation used a composition that calculates the
multi stage hash value in the client means 51 at every use approval procedure,
a composition is also possible that precomputes the multi stage hash values of
all numbers of stages when the authentication ticket is acquired and stores
them in the secret memory measure 316. In that case, although a larger-capacity
tamper-proof memory device needs to be used as the secret memory measure 316,
the processing time for every use approval procedure can be shortened more.

[0142]Thus, in the authentication system of this embodiment, the possibility of
unauthorized use by a third party can be made smaller, and the response time of
use approval can be shortened.
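
The renewal step of the 6th embodiment ([0127], [0137] to [0139]), as an added Python example that is not code from the patent. SHA-256 as hash operation H, HMAC-SHA256 under a key shared by the issuing server and the approval server as the attestation child, the field encoding, and all class and function names are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace
from typing import Optional


def H(data: bytes) -> bytes:
    """One step of hash operation H (SHA-256 is an assumption)."""
    return hashlib.sha256(data).digest()


def hash_n(data: bytes, steps: int) -> bytes:
    """Multi stage hash: apply H `steps` times."""
    for _ in range(steps):
        data = H(data)
    return data


@dataclass(frozen=True)
class Ticket:
    tid: str             # ticket identifier TID
    chain_value: bytes   # H^(remaining+1)(PW || R0)
    remaining: int       # n at issue, n-k after k approvals
    timestamp: int       # TS0 at issue, TSk after renewal
    issuer: str          # IID, then the approval server's own identifier
    tag: bytes = b""     # attestation child (HMAC here, an assumption)


def authenticator(key: bytes, t: Ticket) -> bytes:
    fields = [t.tid, t.chain_value.hex(), str(t.remaining), str(t.timestamp), t.issuer]
    return hmac.new(key, "|".join(fields).encode(), hashlib.sha256).digest()


def seal(key: bytes, t: Ticket) -> Ticket:
    return replace(t, tag=authenticator(key, t))


def issue_ticket(key: bytes, tid: str, seed: bytes, n: int, now: int) -> Ticket:
    """Issuing side: the ticket carries the (n+1)-step hash of PW || R0."""
    return seal(key, Ticket(tid, hash_n(seed, n + 1), n, now, "auth-server"))


class ApprovalServer:
    def __init__(self, name: str, key: bytes, lifetime: int = 3600):
        self.name, self.key, self.lifetime = name, key, lifetime
        # Stand-in for the ticket use management tool: per ticket identifier,
        # the remaining count of the only ticket version still acceptable.
        self.current = {}

    def authorize(self, ticket: Ticket, response: bytes, now: int) -> Optional[Ticket]:
        """Return the renewed ticket on approval, None on rejection."""
        if not hmac.compare_digest(ticket.tag, authenticator(self.key, ticket)):
            return None                      # attestation child does not verify
        if not ticket.timestamp <= now <= ticket.timestamp + self.lifetime:
            return None                      # outside the term of validity
        if ticket.remaining < 1:
            return None                      # all n uses consumed
        if self.current.get(ticket.tid, ticket.remaining) != ticket.remaining:
            return None                      # superseded ticket presented again
        # A single hash step replaces the k-step computation.
        if not hmac.compare_digest(H(response), ticket.chain_value):
            return None
        self.current[ticket.tid] = ticket.remaining - 1
        renewed = Ticket(ticket.tid, response, ticket.remaining - 1, now, self.name)
        return seal(self.key, renewed)


class Client:
    def __init__(self, password: bytes, r0: bytes, ticket: Ticket):
        self.seed = password + r0            # PW || R0, never sent
        self.ticket = ticket

    def response(self) -> bytes:
        # The ticket holds H^(remaining+1); the answer is one step below it.
        return hash_n(self.seed, self.ticket.remaining)

    def use(self, server: ApprovalServer, now: int) -> bool:
        renewed = server.authorize(self.ticket, self.response(), now)
        if renewed is None:
            return False
        self.ticket = renewed                # held for the next approval
        return True
```
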

[0143](A 7th embodiment) In the authentication system of a 7th embodiment, an
authentication ticket can be used in common with two or more approval servers.

[0144]Drawing 17 is a protocol sequence diagram showing the protocol of this
authentication system. In drawing 17, the client means 61, the authentication
server means 62, and the approval server means 63 differ from drawing 4, and
the authentication ticket management tool 64 is further added. The differences
are the following points: the authentication server means 62 that received the
attestation challenge answer Response303 sends, to the authentication ticket
management tool 64, the authentication ticket shelf registration directions
Registration601 accompanied by the ticket identifier TID, the server identifier
SID taken out from the authentication demand Authenticate Request301, and the
effective number of times n; the approval demand Authorize Request602 is
accompanied by the using frequency k; the approval server means 63 that
received the approval demand Authorize Request602 and the authentication ticket
Ticket305 sends, to the authentication ticket management tool 64, the
authentication ticket history update indication Update603 accompanied by the
ticket identifier TID and the server identifier SID taken out from the approval
demand Authorize Request602 and the authentication ticket 305, and the using
frequency k; the authentication ticket rejected note Reject606 is returned in
reply to this if needed; the approval challenge Challenge604 is accompanied by
the random number Rk, generated so that it differs each time, instead of being
the using frequency k; and the approval challenge answer Response605 is
accompanied by the result of performing an EXCLUSIVE OR operation with Rk on
the result of applying the (n-k+1)-step hash operation H to the concatenation
of the password PW and the random number R0.

[0145]By this method, the client means 61 can obtain use approval up to n times
using the authentication ticket 304 without revealing the password PW to a
third party, including the approval server means 63. Because the using
frequency k is sent from the client means 61 and checked by the authentication
ticket management tool 64, which is independent of the approval server means
63, the authentication ticket 304 can be made available in common to two or
more approval server means 63.

[0146]The composition of an authentication system with this protocol sequence
is explained with reference to drawing 18. Also in drawing 18, the client means
61, the authentication server means 62, and the approval server means 63 differ
from drawing 5, and the authentication ticket management tool 64 is further
added. The client means 61 differs from the client means 31 of drawing 5 in
that the ticket maintenance management tool 611, which holds an authentication
ticket and also manages the using frequency k, is established instead of the
ticket holding mechanism 314, the 1st exclusive OR means 612 that performs a
bitwise EXCLUSIVE OR operation is established, and a part of the connection is
changed. The authentication server means 62 differs from the authentication
server means 32 of drawing 5 in that a ticket registration instruction means
621 that generates authentication ticket shelf registration indicative data is
formed and a part of the connection is changed.

[0147]The approval server means 63 differs from the approval server means 33 of
drawing 5 in that the ticket update indication means 631, which receives the
ticket identifier, the effective number of times, and the remaining available
number of times of an authentication ticket, supplies them to each part, and
generates authentication ticket history update indication data, is established
instead of the ticket use management tool 335, the 2nd random number generating
means 632 that generates a random number for every use approval processing and
the 2nd exclusive OR means 633 that performs a bitwise EXCLUSIVE OR operation
are established, and a part of the connection is changed.

[0148]The ticket maintenance management tool 611 is constituted by adding an
adder circuit that calculates the using frequency to the same composition as
the ticket holding mechanism 335. As the 1st and 2nd exclusive OR means 612 and
633, a logic circuit can be used, for example. As the ticket registration
instruction means 621, a logic circuit can be used, for example. As the ticket
update indication means 631, a logic circuit can be used, for example. As the
2nd random number generating means 632, the same composition as the random
number generating means 324 can be used. The authentication ticket management
tool 64 can be constituted by a combination of various communication-interface
devices, a logic circuit that performs division and combination of data, an
arithmetic circuit and comparison circuit that compare the using frequency, and
a mass memory device. Each above-mentioned means may be realized using a
computer program on a microcomputer or a general purpose computer.
Alternatively, the computer program may be recorded on a program recording
medium in a readable form, and the means may be realized by a composition
combined with a program-recording-medium reader.

[0149]The operation of the authentication system constituted as mentioned above
is explained with reference to drawing 19. Here, the case where the
authentication demand Authenticate Request301 is accompanied by the effective
number of times n of the authentication ticket is explained.

[0150]First, the operation in the client means 61 and the authentication server
means 62 in a user authentication procedure is almost the same as in the case
of drawing 5 and drawing 6, and the authentication ticket Ticket304 is
eventually sent to the client means 61 from the authentication server means 62.
However, in the client means 61, the ticket maintenance management tool 611
performs the operation of the ticket holding mechanism 314 at this time. In the
authentication server means 62, the effective number of times 6201 taken out
from the authentication demand Authenticate Request301 is sent to the ticket
registration instruction means 621 in addition to the multi stage hash means
325 and the attestation child addition means 328, the server identifier 6202 is
sent to the ticket registration instruction means 621 in addition to the
attestation child addition means 328, and the ticket identifier 6203 generated
by the ticket identifier creating means 327 is sent to the ticket registration
instruction means 621 in addition to the attestation child addition means 328.

[0151]The ticket registration instruction means 621 concatenates the ticket
identifier 6203, the server identifier 6202, and the effective number of times
6201, generates the authentication ticket shelf registration indicative data
6204, and sends it to the authentication ticket management tool 64 as the
authentication ticket shelf registration directions Registration601 via the 2nd
transmission and reception means 321 (ST6201). The authentication ticket
management tool 64 manages a ticket list; when the authentication ticket shelf
registration directions Registration601 are given, it searches the ticket list
using the ticket identifier and checks whether the ticket is already
registered. If there is no applicable entry, the group of the ticket
identifier, the effective number of times, and the effective number of times as
the value showing the remaining available number of times is added to the
ticket list and stored.

[0152]On the other hand, in the client means 61, the authentication ticket
Ticket304 is received by the 1st transmission and reception means 311, the
authentication ticket data 3110 is taken out, and it is sent to the ticket
maintenance management tool 611. The ticket maintenance management tool 611
holds the authentication ticket data 3110 in association with the server
identifier 3101, and at the same time manages the effective number of times
taken out from the authentication ticket data as the remaining available number
of times (ST6101). When the use approval procedure starting information 6101 is
given, it reduces the remaining available number of times by one (ST6102), and
sends to the approval server means 63, via the 1st transmission and reception
means 311, the authentication ticket data 3111 as the authentication ticket
Ticket305 and, as the approval demand Authorize Request602, the using frequency
6102 obtained by subtracting the remaining available number of times from the
effective number of times taken out from the authentication ticket (ST6103). It
further sends the effective number of times 3112 taken out from the
authentication ticket data to the multi stage hash means 317.

[0153]On the other hand, in the approval server means 63, the authentication
ticket Ticket305 and the approval demand Authorize Request602 are received by
the 3rd transmission and reception means 331. The authentication ticket data
3301 is taken out and sent to the attestation child verifying means 333, and
the using frequency 6301 is taken out and sent to the ticket update indication
means 631 (ST6301). The approval time check means 332, the attestation child
verifying means 333, and the ticket effective judging means 334 operate almost
as in the case of drawing 5 and drawing 6. However, the server identifier 6302
is sent to the ticket update indication means 631 in addition to the ticket
effective judging means 334, and the effective notice 6303 is sent to the
ticket update indication means 631 and the 2nd random number generating means
632. If the effective notice 6303 is given, the ticket update indication means
631 concatenates the ticket identifier 3305, the server identifier 6302, and
the using frequency 6301 to generate the authentication ticket history update
indication data 6304, sends it to the authentication ticket management tool 64
as the authentication ticket history update indication Update603 via the 3rd
transmission and reception means 331 (ST6302), and sends the using frequency
6301 as it is to the 3rd multi stage hash means 336 as the using frequency
6306. When the authentication ticket history update indication Update603 is
given, the authentication ticket management tool 64 searches the ticket list
using the ticket identifier and confirms that the corresponding value showing
the effective number of times agrees with the sum of the corresponding value
showing the remaining available number of times and the using frequency
accompanying the authentication ticket history update indication Update603. If
it agrees, the value showing the remaining available number of times in the
ticket list is reduced by one; if not, the authentication ticket rejected note
Reject606 is returned. The authentication ticket rejected note 606 is sent to
the ticket update indication means 631 as the authentication ticket rejected
note data 6305 via the 3rd transmission and reception means 331 in the approval
server means 63. The ticket update indication means 631 sends the multi stage
hash value 3306 as it is to the approval collation means 337 as the multi stage
hash value 3312, but withholds this if the authentication ticket rejected note
data 6305 is given. If the effective notice 6303 is given, the 2nd random
number generating means 632 newly generates at random the challenge random
number 6307 for data disturbance, sends it to the 2nd exclusive OR means 633,
and also sends it to the client means 61 as the approval challenge Challenge604
via the 3rd transmission and reception means 331 (ST6303).

[0154]On the other hand, in the client means 61, the approval challenge
Challenge604 is received by the 1st transmission and reception means 311, the
challenge random number 6103 is taken out, and it is sent to the 1st exclusive
OR means 612 (ST6104). When the use approval procedure starting information
6101 is given, the multi stage hash means 317 obtains the hash value 3113 from
the secret memory measure 316, performs on the hash value 3113 the hash
operation H for the number of stages equal to the difference between the
effective number of times 3112 and the using frequency 6102, and sends the
resulting multi stage hash value 6104 to the 1st exclusive OR means 612. When
the use approval procedure starting information 6101 is given, the 1st
exclusive OR means 612 performs a bitwise EXCLUSIVE OR operation between the
multi stage hash value 6104 and the challenge random number 6103 to generate
the disturbance multi stage hash value 6105, and sends it to the approval
server means 63 as the approval challenge answer Response605 via the 1st
transmission and reception means 311 (ST6105, ST6106). As long as hash
operation H is sufficiently safe, that is, has one-way nature, sufficient
result length, and random nature, a third party who does not know the password
PW, the random number R0, and the challenge random number cannot calculate this
disturbance multi stage hash value 6105; this disturbance multi stage hash
value 6105 therefore shows that the sender is a valid user who knows the
password PW. Since the multi stage hash values are used in order from the one
with the most stages of hash operation H, going backward, and the next multi
stage hash value cannot be calculated from this multi stage hash value 6104,
there is also no need for encryption. A hash operation is generally said to be
100 or more times faster than a cipher operation, and with a suitable number of
stages it can be processed faster than when a cipher is used.

[0155]On the other hand, in the approval server means 63, the approval
challenge answer Response605 is received by the 3rd transmission and reception
means 331, the disturbance multi stage hash value 6308 is taken out, and it is
sent to the 2nd exclusive OR means 633 (ST6304). The 2nd exclusive OR means 633
performs a bitwise EXCLUSIVE OR operation between the challenge random number
6307 and the disturbance multi stage hash value 6308, obtains the multi stage
hash value 6309, and sends it to the 3rd multi stage hash means 336 (ST6305).
The 3rd multi stage hash means 336 performs on the multi stage hash value 6309
the hash operation for the number of stages equal to the using frequency 6306,
and sends the resulting secondary multi stage hash value 3314 to the approval
collation means 337. The approval collation means 337 operates as in the case
of drawing 5 and drawing 6 and sends the notice data 3315 of approval to the
client means 61 as the notice of approval Result308 via the 3rd transmission
and reception means 331, and it is received in the client means 61. However,
this does not apply when supply of the multi stage hash value 3312 is withheld
because the authentication ticket rejected note Reject606 was received (ST6306,
ST6307). By this method, the client means 61 can obtain use approval from two
or more approval server means up to n times using the authentication ticket
305, without revealing the password PW to a third party, including the approval
server means 63.

[0156]Although the above explanation used a composition that calculates the
multi stage hash value in the client means 61 at every use approval procedure,
a composition is also possible that precomputes the multi stage hash values of
all numbers of stages when the authentication ticket is acquired and stores
them in the secret memory measure 316. In that case, although a larger-capacity
tamper-proof memory device needs to be used as the secret memory measure 316,
the processing time for every use approval procedure can be shortened more.

[0157]Thus, with this embodiment, a highly convenient single sign-on type
authentication system can be constituted in which an authentication ticket can
be used in common with two or more approval servers under the method in which
the authentication ticket is not updated.
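
The 7th embodiment's shared usage check and masked answer ([0151] to [0155]), as an added Python example that is not code from the patent. SHA-256 as H, the 32-byte Rk, the dictionary ticket without attestation child or time stamp, and all names are assumptions; the ledger check is modelled as "k must be exactly one more than the uses already recorded", which is an assumption about how the count comparison in [0153] lines up with k starting at 1.

```python
import hashlib
import hmac
import secrets
from typing import Optional


def H(data: bytes) -> bytes:
    """One step of hash operation H (SHA-256 is an assumption)."""
    return hashlib.sha256(data).digest()


def hash_n(data: bytes, steps: int) -> bytes:
    for _ in range(steps):
        data = H(data)
    return data


def xor(a: bytes, b: bytes) -> bytes:
    """Bitwise EXCLUSIVE OR of two equal-length byte strings."""
    return bytes(x ^ y for x, y in zip(a, b))


class TicketManager:
    """Ticket list shared by every approval server (management tool 64)."""

    def __init__(self):
        self.tickets = {}                    # tid -> [effective n, remaining]

    def register(self, tid: str, n: int) -> None:
        self.tickets.setdefault(tid, [n, n])  # ignore a repeated registration

    def update(self, tid: str, k: int) -> bool:
        """History update: accept k only if it is the next unused count."""
        entry = self.tickets.get(tid)
        if entry is None:
            return False
        n, remaining = entry
        if remaining < 1 or k != n - remaining + 1:
            return False                     # answered with a rejected note
        entry[1] = remaining - 1
        return True

    def remaining(self, tid: str) -> int:
        return self.tickets[tid][1]


def issue(manager: TicketManager, tid: str, password: bytes, r0: bytes, n: int) -> dict:
    """Issuing side: register the ticket and hand out H^(n+1)(PW || R0)."""
    manager.register(tid, n)
    return {"tid": tid, "n": n, "chain_top": hash_n(password + r0, n + 1)}


class ApprovalServer:
    def __init__(self, name: str, manager: TicketManager):
        self.name, self.manager, self.pending = name, manager, {}

    def begin(self, ticket: dict, k: int) -> Optional[bytes]:
        """Check k with the shared ledger, then return a fresh challenge Rk."""
        if not self.manager.update(ticket["tid"], k):
            return None
        rk = secrets.token_bytes(32)
        self.pending[ticket["tid"]] = (k, rk, ticket["chain_top"])
        return rk

    def finish(self, tid: str, response: bytes) -> bool:
        state = self.pending.pop(tid, None)
        if state is None:
            return False
        k, rk, chain_top = state
        unmasked = xor(response, rk)         # remove the disturbance
        return hmac.compare_digest(hash_n(unmasked, k), chain_top)


class Client:
    def __init__(self, password: bytes, r0: bytes, ticket: dict):
        self.seed, self.ticket = password + r0, ticket
        self.remaining = ticket["n"]

    def next_k(self) -> int:
        self.remaining -= 1
        return self.ticket["n"] - self.remaining

    def respond(self, k: int, rk: bytes) -> bytes:
        # (n-k+1)-step hash of PW || R0, masked with the challenge Rk.
        return xor(hash_n(self.seed, self.ticket["n"] - k + 1), rk)


def access(client: Client, server: ApprovalServer) -> bool:
    """One use approval procedure against any server sharing the ledger."""
    k = client.next_k()
    rk = server.begin(client.ticket, k)
    return rk is not None and server.finish(client.ticket["tid"], client.respond(k, rk))
```

Because the ledger update precedes the challenge, as in the sequence of [0153], a wrong answer still consumes one use of the ticket in this model.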

[0158](An 8th embodiment) The authentication system of an 8th embodiment can
carry out decentralized administration of the use of an authentication ticket.

[0159]Drawing 20 is a protocol sequence diagram showing the protocol of this
authentication system. In drawing 20, the client means 71, the authentication
server means 72, and the approval server means 73 differ from drawing 14, and
the 2nd approval server means 74 is further added. The differences are the
following points: the approval demand Authorize Request701 is accompanied by
the using frequency k; the approval server means 73 that received the approval
demand Authorize Request701 and the authentication ticket Ticket305 sends, to
the authentication server means 72 or the 2nd approval server means 74, the
authentication ticket history reference Inquiry702 accompanied by the ticket
identifier TID and the server identifier SID taken out from the approval demand
Authorize Request701 and the authentication ticket 305, and the using frequency
k; the authentication ticket rejected note Reject705 is returned in reply to
this if needed; the approval challenge Challenge703 is accompanied by the
random number Rk, generated so that it differs each time, instead of being the
using frequency k; and the approval challenge answer Response704 is accompanied
by the result of performing an EXCLUSIVE OR operation with Rk on the result of
applying the (n-k+1)-step hash operation H to the concatenation of the password
PW and the random number R0.
[0160]By this method, the client means 71 can obtain use approval up to n times
using the authentication ticket 304 or the updated authentication ticket 501
without revealing the password PW to a third party, including the approval
server means 73 and the 2nd approval server means 74. Because the using
frequency k is sent from the client means 71 via the approval server means 73
to the authentication server means 72 that published the authentication ticket,
or to the 2nd approval server means 74 that updated it, and is checked there,
the authentication ticket 304 can be made available in common to two or more
approval server means 73 and 74, and the traffic of check processing can be
decentralized.

[0161]The composition of an authentication system with such a protocol sequence
is explained with reference to drawing 21. Also in drawing 21, the client means
71, the authentication server means 72, and the approval server means 73 differ
from drawing 15, and the 2nd approval server means 74 is further added. The
client means 71 differs from the client means 51 of drawing 15 in that the
ticket maintenance management tool 711, which holds an authentication ticket
and also manages the using frequency k, is established instead of the ticket
holding mechanism 511, the 1st exclusive OR means 712 that performs a bitwise
EXCLUSIVE OR operation is established, and a part of the connection is changed.
The authentication server means 72 differs from the authentication server means
32 of drawing 15 in that the ticket issue management tool 721, which manages
issue of authentication tickets and answers references, is established and a
part of the connection is changed. The approval server means 73 differs from
the approval server means 53 of drawing 15 in that the renewal management tool
731 of a ticket, which receives the ticket identifier, the effective number of
times, and the remaining available number of times of an authentication ticket,
supplies them to each part, manages renewal of authentication tickets, and
answers references, is established instead of the ticket use management tool
531, the 2nd random number generating means 732 that generates a random number
for every use approval processing and the 2nd exclusive OR means 733 that
performs a bitwise EXCLUSIVE OR operation are established, and a part of the
connection is changed. The 2nd approval server means 74 has the same
composition as the approval server means 73.



[0162]The ticket maintenance management tool 711 can be constituted by adding
an adder circuit that calculates the using frequency to the same composition as
the ticket holding mechanism 511. As the 1st and 2nd exclusive OR means 712 and
733, a logic circuit can be used, for example. The ticket issue management tool
721 can be constituted by a combination of, for example, a logic circuit that
performs division and combination of data, an arithmetic circuit and comparison
circuit that compare the using frequency, and a mass memory device. The renewal
management tool 731 of a ticket can be constituted by a combination of, for
example, a logic circuit that performs division and combination of data, an
arithmetic circuit and comparison circuit that compare the using frequency, and
a mass memory device. As the 2nd random number generating means 732, the same
composition as the random number generating means 324 can be used. Each
above-mentioned means may be realized using a computer program on a
microcomputer or a general purpose computer. Alternatively, the computer
program may be recorded on a program recording medium in a readable form, and
the means may be realized by a composition combined with a
program-recording-medium reader.

[0163]The operation of the authentication system constituted as mentioned above
is explained with reference to drawing 22. Here, the case where the
authentication demand Authenticate Request301 is accompanied by the effective
number of times n of the authentication ticket is explained.

[0164]First, the operation in the client means 71 and the authentication server
means 72 in a user authentication procedure is almost the same as in the case
of drawing 15 and drawing 16, and the authentication ticket Ticket304 is
eventually sent to the client means 71 from the authentication server means 72.
However, in the client means 71, the ticket maintenance management tool 711
performs the operation of the ticket holding mechanism 511 at this time. In the
authentication server means 72, the effective number of times 7201 taken out
from the authentication demand Authenticate Request301 is sent to the ticket
issue management tool 721 in addition to the multi stage hash means 325 and the
attestation child addition means 328, the server identifier 7202 is sent to the
ticket issue management tool 721 in addition to the attestation child addition
means 328, and the ticket identifier 7203 generated by the ticket identifier
creating means 327 is sent to the ticket issue management tool 721 in addition
to the attestation child addition means 328. The ticket issue management tool
721 manages the published ticket list, and adds to the ticket list and stores
the group of the ticket identifier 7203, the server identifier 7202, the
effective number of times 7201, and the effective number of times 7201 as the
value showing the remaining available number of times (ST7201).

[0165]On the other hand, in the client means 71, the authentication ticket
Ticket304 is received by the 1st transmission and reception means 311, the
authentication ticket data 3110 is taken out, and it is sent to the ticket
maintenance management tool 711. The ticket maintenance management tool 711
holds the authentication ticket data 3110 in association with the server
identifier 3101, and at the same time manages the effective number of times
taken out from the authentication ticket data as the remaining available number
of times (ST7101). When the use approval procedure starting information 7101 is
given, it reduces the remaining available number of times by one (ST7102), and
sends to the approval server means 73, via the 1st transmission and reception
means 311, the authentication ticket data 3111 as the authentication ticket
Ticket305 and, as the approval demand Authorize Request701, the using frequency
7102 obtained by subtracting the remaining available number of times from the
effective number of times taken out from the authentication ticket (ST7103). It
further sends the effective number of times 3112 taken out from the
authentication ticket data to the multi stage hash means 317.

[0166] On the other hand, in the approval server means 73, authentication ticket
Ticket305 and approval demand Authorize Request701 are received by the 3rd
transmission and reception means 331. The authentication ticket data 3301 is
taken out and sent to the attestation child verifying means 333, and the using
frequency 7301 is taken out and sent to the renewal management tool 731 of a
ticket (ST7301).
[0167] The approval time check means 332, the attestation child verifying means
333, and the ticket effective judging means 334 operate almost as in the case of
drawing 15 and drawing 16. However, the server identifier 7302 is sent to the
renewal management tool 731 of a ticket as well as to the ticket effective
judging means 334, and the effective notice 7303 is sent to the renewal
management tool 731 of a ticket and the 2nd random number generating means 732.
The renewal management tool 731 of a ticket manages the published ticket list.
When the effective notice 7303 is given, it connects the ticket identifier 3305,
the server identifier 7302, and the using frequency 7301 to obtain the
authentication ticket history inquiry data 7304, and sends this as authentication
ticket history reference Inquiry702, via the 3rd transmission and reception means
331, to the authentication server means 72 or the 2nd approval server means 74
which the publisher identifier 3308 shows. At the same time, the group of the
ticket identifier 3305, the server identifier 7302, and the number of times 7301
of effective, as the value which shows the remaining number of times of
available, is added to the ticket list and memorized (ST7302).

[0168] In the authentication server means 72 which received this, authentication
ticket history reference Inquiry702 is received by the 2nd transmission and
reception means 321 and sent to said ticket issue management tool 721 as the
authentication ticket history inquiry data 7205 containing a ticket identifier, a
server identifier, and using frequency. Said ticket issue management tool 721
investigates whether the using frequency taken out from the authentication ticket
history inquiry data 7205 is in agreement with the value obtained by adding one
to the difference between the number of times of effective and the remaining
number of times of available which it manages itself, and if it is not in
agreement, it returns the authentication ticket rejected note data 7204 as
authentication ticket rejected note Reject705 via the 2nd transmission and
reception means 321. When the 2nd approval server means 74 receives this, its
renewal management tool of a ticket performs the same role as said ticket issue
management tool 721.



[0169] In the approval server means 73, authentication ticket rejected note
Reject705 is sent to said renewal management tool 731 of a ticket as the
authentication ticket rejected note data 7305 via the 3rd transmission and
reception means 331. Said renewal management tool 731 of a ticket sends the multi
stage hash value 3306 as it is to the approval collation means 337 as the multi
stage hash value 5302, and sends the group 5303 of a ticket identifier, the
remaining number of times of available, and a server identifier to the 2nd
attestation child addition means 533; these are withheld if the authentication
ticket rejected note data 7305 is given. When the effective notice 7303 is given,
the 2nd random number generating means 732 newly generates at random the
challenge random number 7306 for data disturbance, sends it to the 2nd exclusive
OR means 733, and also sends it to the client means 71 as approval challenge
Challenge703 via the 3rd transmission and reception means 331 (ST7303).
[0170] On the other hand, in the client means 71, approval challenge Challenge703
is received by the 1st transmission and reception means 311, and the challenge
random number 7103 is taken out and sent to the 1st exclusive OR means 712
(ST7104). When the use approval procedure starting information 7101 is given, the
multi stage hash means 317 obtains the hash value 3113 from said secret memory
measure 316, performs hash operation H on the hash value 3113 for the number of
stages equivalent to the difference between the number of times 3112 of effective
and the using frequency 7102, and sends the resulting multi stage hash value 7104
to the 1st exclusive OR means 712. When the use approval procedure starting
information 7101 is given, the 1st exclusive OR means 712 performs EXCLUSIVE OR
operation for every bit between the multi stage hash value 7104 and the challenge
random number 7103, generates the disturbance multi stage hash value 7105, and
sends it to the approval server means 73 as approval challenge answer Response704
via the 1st transmission and reception means 311 (ST7105, ST7106). As long as
hash operation H is sufficiently safe in its one-way property, the length of its
result, and its randomness, a third party who does not know the password PW, the
random number RO, and the challenge random number cannot calculate this
disturbance multi stage hash value 7105; this disturbance multi stage hash value
7105 therefore shows that the sender is a valid user who knows the password PW.
Since more stages of hash operation H are performed in a multi stage hash value
the further it goes back in the past, the following multi stage hash value also
cannot be calculated from this multi stage hash value 7104, so there is also no
necessity for encryption. Generally, hash operation is said to be 100 or more
times faster than a cipher operation, and with a suitable number of stages it can
be processed at higher speed than the case where a cipher is used.

[0171] On the other hand, in the approval server means 73, approval challenge
answer Response704 is received by the 3rd transmission and reception means 331,
and the disturbance multi stage hash value 7307 is taken out and sent to the 2nd
exclusive OR means 733 (ST7304). The 2nd exclusive OR means 733 performs
EXCLUSIVE OR operation for every bit between the challenge random number 7306 and
the disturbance multi stage hash value 7307, obtains the multi stage hash value
7308, and sends it to the 3rd hash means 532 (ST7305). The 3rd hash means 532
performs hash operation on the multi stage hash value 7308 and sends the
resulting secondary multi stage hash value 5305 to the approval collation means
337. The approval collation means 337 and the 2nd attestation child addition
means 533 operate as in the case of drawing 15 and drawing 16 and send the
authentication ticket data 5308 to the client means 71 as authentication ticket
Ticket501 via the 3rd transmission and reception means 331. However, this does
not apply when the supply of the multi stage hash value 5302 and of the group
5303 of a ticket identifier, the remaining number of times of available, and a
server identifier has been withheld by reception of authentication ticket
rejected note Reject705 (ST7306, ST7307).

[0172] On the other hand, in the client means 71, authentication ticket Ticket501
is received by the 1st transmission and reception means 311, sent to said ticket
maintenance management tool 711 as the authentication ticket data 5101, held
(ST7107, ST7108), and used in the next use approval procedure.
[0173] By this, since the number of stages of the disturbance multi stage hash
value which accompanies the authentication ticket 305 sent from the client means
71 to the approval server means 73 decreases by one for every use approval, the
approval server means 73 only has to perform one stage of hash operation, and
response time can be shortened. Since the time stamp is updated, the term of
validity can be set as short as is enough to cover the interval of access, for
example 1 hour, and safety can be improved without lowering user convenience. By
this method, the client means 71 can obtain use approval up to n times, in
shorter response time, using the safer authentication ticket 305, without
revealing the password PW to a third party including the approval server means 73
and 74; the authentication ticket is available in common at two or more approval
servers, and the traffic of check processing can be decentralized.
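
The use approval exchange of paragraphs [0165] to [0173], as an added example that is not part of the patent text: it runs one n = 3 ticket through two approval servers that share one issuer, then tries a double use and a fourth use. SHA-256 for hash operation H, HMAC for the attestation child, every class, function and key name, and the issuer recording a use when it accepts an inquiry are assumptions of this example.

```python
import hashlib, hmac, secrets

# Constructed common key of the servers (assumption: the attestation child is a MAC).
SERVER_KEY = b"constructed-server-common-key"

def H(x: bytes) -> bytes:
    """One stage of the one-way hash operation H (SHA-256 chosen for the example)."""
    return hashlib.sha256(x).digest()

def multi_hash(x: bytes, stages: int) -> bytes:
    for _ in range(stages):  # multi stage hash: apply H `stages` times
        x = H(x)
    return x

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(p ^ q for p, q in zip(a, b))

def make_ticket(tid: str, n: int, remaining: int, chain: bytes) -> dict:
    """Ticket data plus an authenticator computed over every field."""
    body = f"{tid}|{n}|{remaining}|".encode() + chain
    mac = hmac.new(SERVER_KEY, body, hashlib.sha256).digest()
    return {"id": tid, "n": n, "remaining": remaining, "chain": chain, "mac": mac}

def ticket_is_authentic(t: dict) -> bool:
    expected = make_ticket(t["id"], t["n"], t["remaining"], t["chain"])["mac"]
    return hmac.compare_digest(expected, t["mac"])

class Issuer:
    """Authentication server side: issues tickets and keeps the ticket list."""
    def __init__(self):
        self.remaining = {}  # ticket id -> remaining number of times of available

    def issue(self, tid: str, secret: bytes, n: int) -> dict:
        self.remaining[tid] = n
        return make_ticket(tid, n, n, multi_hash(secret, n))

    def inquiry(self, tid: str, n: int, using_frequency: int) -> bool:
        """History reference: accept only (effective - remaining) + 1, else reject."""
        left = self.remaining.get(tid, 0)
        if left == 0 or using_frequency != (n - left) + 1:
            return False
        self.remaining[tid] = left - 1  # assumption: recorded on acceptance
        return True

class ApprovalServer:
    def __init__(self, issuer: Issuer):
        self.issuer = issuer
        self.pending = {}  # ticket id -> (ticket, using frequency, challenge)

    def begin(self, ticket: dict, k: int):
        """Check authenticator and history, then return a challenge random number."""
        if not ticket_is_authentic(ticket):
            return None
        if not self.issuer.inquiry(ticket["id"], ticket["n"], k):
            return None
        challenge = secrets.token_bytes(32)
        self.pending[ticket["id"]] = (ticket, k, challenge)
        return challenge

    def finish(self, tid: str, response: bytes):
        """Unmask the response, hash once, compare, and issue the updated ticket."""
        ticket, k, challenge = self.pending.pop(tid)
        presented = xor(response, challenge)
        if not hmac.compare_digest(H(presented), ticket["chain"]):
            return None
        return make_ticket(tid, ticket["n"], ticket["n"] - k, presented)

class Client:
    def __init__(self, secret: bytes, ticket: dict):
        self.secret, self.ticket = secret, ticket

    def request(self):
        """Using frequency = effective count minus the remaining count after this use."""
        return self.ticket, self.ticket["n"] - (self.ticket["remaining"] - 1)

    def respond(self, k: int, challenge: bytes) -> bytes:
        """Hash the secret (n - k) times and mask it with the challenge."""
        return xor(multi_hash(self.secret, self.ticket["n"] - k), challenge)

def demo():
    secret = H(b"constructed password PW" + b"constructed random number")
    issuer = Issuer()
    first = issuer.issue("T-1", secret, 3)
    client = Client(secret, first)
    a, b = ApprovalServer(issuer), ApprovalServer(issuer)
    remaining, replayed = [], "not tried"
    for i, server in enumerate((a, b, a)):  # one ticket used at two approval servers
        ticket, k = client.request()
        challenge = server.begin(ticket, k)
        client.ticket = server.finish(ticket["id"], client.respond(k, challenge))
        remaining.append(client.ticket["remaining"])
        if i == 0:
            replayed = b.begin(first, 1)  # double use of the already used ticket
    exhausted = a.begin(*client.request())  # fourth use of a three-use ticket
    return remaining, replayed, exhausted

if __name__ == "__main__":
    print(demo())
```

At the n-th use n - k is 0, so the response carries the stored hash value itself. The replayed first ticket still has a valid authenticator; it is refused by the issuer's history check.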

[0174] Although in the above explanation the multi stage hash value is calculated
in the client means 71 at every use approval procedure, the multi stage hash
values of all the numbers of stages may instead be precomputed at the time of
acquisition of an authentication ticket and memorized in the secret memory
measure 316. In that case, although a larger-capacity tamper-proof memory device
needs to be used as the secret memory measure 316, processing time for every use
approval procedure can be shortened further.

[0175] Thus, by constituting an authentication system like this embodiment,
decentralized administration of the use of an authentication ticket can be
carried out under the method with which an authentication ticket is updated.
Therefore, the management resource at one place can be lessened further.
[0176]

[Effect of the Invention] As is clear from the above explanation, in this
invention, 1st, a single sign-on type authentication method and authentication
system are obtained which need no cipher processing on the client side, can
manage the use count of an authentication ticket easily, and can eliminate double
use.

[0177] 2nd, a single sign-on type authentication method and authentication system
are obtained which need no cipher processing on the client side in the user
authentication procedure either, and in which data processing of attestation
presentation information and data processing of presentation information can be
made common.

[0178] 3rd, in what generates collation information by making the random number
for attestation which the client means generated into confidential information,
since the collation information which an authentication ticket includes becomes
unrelated to user authentication information, there is no possibility that user
authentication information will be guessed from an authentication ticket, and a
single sign-on type authentication method and authentication system with higher
safety are obtained.

[0179] 4th, by performing the irreversible arithmetic operation of confidential
information by one-way hash operation, a single sign-on type authentication
method and authentication system are obtained which can perform use approval
processing in practical processing time even if the client side is a device with
low computation capability.

[0180] 5th, in what updates the collation information etc. of an authentication
ticket in the approval server means, since the authentication ticket is updated
whenever it is used, and in particular the time stamp is updated so that the term
of validity in the effective judging can be set shorter, a single sign-on type
authentication method and authentication system are obtained which can make the
possibility of unauthorized use by a third party smaller and can further shorten
the response time of use approval.

[0181] 6th, in what established the authentication ticket management tool which
manages the use count of an authentication ticket, since it becomes possible to
use an authentication ticket in common at two or more approval servers in the
system in which an authentication ticket is not updated, a single sign-on type
authentication method and authentication system with higher convenience are
obtained.

[0182] 7th, in what memorizes the issuance history of an authentication ticket in
the authentication server means and the approval server means, since
decentralized administration of the use of an authentication ticket can be
carried out in the system in which an authentication ticket is updated, a single
sign-on type authentication method and authentication system which can further
lessen the management resource at one place are obtained.



DESCRIPTION OF DRAWINGS 



[Brief Description of the Drawings] 

[Drawing 1] The key map showing the outline of the authentication system in a 1st 
embodiment of this invention 

[Drawing 2] The key map showing the outline of the authentication system in a 2nd 
embodiment of this invention 

[Drawing 3] The key map showing the outline of the authentication system in a 3rd 
embodiment of this invention 

[Drawing 4] The protocol sequence diagram of the authentication system in a 4th 
embodiment of this invention 

[Drawing 5] The functional block diagram of the authentication system in a 4th 
embodiment of this invention 

[Drawing 6] The flow chart showing operation of the authentication system in a 4th 
embodiment of this invention 

[Drawing 7] The detailed functional block diagram of the attestation child addition 
means at the time of using a message authorization code in the authentication 
system in a 4th embodiment of this invention 

[Drawing 8] The detailed functional block diagram of the attestation child verifying 
means at the time of using a message authorization code in the authentication 
system in a 4th embodiment of this invention 

[Drawing 9] The detailed functional block diagram of the attestation child addition 
means at the time of using a digital signature in the authentication system in a 4th 
embodiment of this invention 

[Drawing 10] The detailed functional block diagram of the attestation child verifying 
means at the time of using a digital signature in the authentication system in a 4th 
embodiment of this invention

[Drawing 11] The protocol sequence diagram of the authentication system in a 5th
embodiment of this invention

[Drawing 12] The functional block diagram of the authentication system in a 5th 
embodiment of this invention 

[Drawing 13] The flow chart showing operation of the authentication system in a 
5th embodiment of this invention 

[Drawing 14] The protocol sequence diagram of the authentication system in a 6th 
embodiment of this invention

[Drawing 15] The functional block diagram of the authentication system in a 6th
embodiment of this invention

[Drawing 16] The flow chart showing operation of the authentication system in a 
6th embodiment of this invention 

[Drawing 17] The protocol sequence diagram of the authentication system in a 7th 
embodiment of this invention 

[Drawing 18] The functional block diagram of the authentication system in a 7th 
embodiment of this invention

[Drawing 19] The flow chart showing operation of the authentication system in a 
7th embodiment of this invention 

[Drawing 20] The protocol sequence diagram of the authentication system in an
8th embodiment of this invention

[Drawing 21] The functional block diagram of the authentication system in an 8th 
embodiment of this invention 

[Drawing 22] The flow chart showing operation of the authentication system in an 
8th embodiment of this invention 

[Drawing 23] The key map showing the outline of the conventional authentication 
method 

[Drawing 24] The protocol sequence diagram of the conventional authentication 
method 

[Drawing 25] The functional block diagram of the conventional authentication 
method 

[Drawing 26] It is a flow chart showing operation of the conventional authentication 
method. 

[Description of Notations] 

1, 11, 21, 31, 41, 51, 61, 71, 81 client means
2, 12, 22, 32, 42, 62, 72, 82 authentication server means
3, 33, 53, 63, 73, and 83 Approval server means
4, 14, and 24 Confidential information
5, 7, 803, 805 authentication tickets
6 and 804 Presentation information
8 and 806 Notice of approval
13, 23, and 801 Attestation presentation information
64 Authentication ticket management tool
74 The 2nd approval server means
311 The 1st transmission and reception means
312 and 811 Input means
313 Hash means
314 Ticket holding mechanism
316 A secret memory measure
317 Multi stage hash means
321 The 2nd transmission and reception means
322 Attestation time check means
323 Authentication information storage means
324 Random number generating means
325 The 2nd multi stage hash means
326 Attestation collation means
327 Ticket identifier creating means
328 Attestation child addition means
328A self-identifier storage means
328B data connecting mechanism
328C connection data hash means
328D server common key memory measure
328E common key system cryptographer stage
328F attestation child connecting mechanism
328G self-secret key memory measure
328H public key system cryptographer stage
331 The 3rd transmission and reception means
332 Approval time check means
333 Attestation child verifying means
333A attestation child separating mechanism
333B The 2nd connection data hash means
333C The 2nd server common key memory measure
333D The 2nd common key system cryptographer stage
333E data separation means
333F publisher identifier collation means
333G comparison means
333H server public key accumulation means
333J public key system decoding means
334 and 832 Ticket effective judging means
335 and 531 Ticket use management tool
336 The 3rd multi stage hash means
337 Approval collation means
411 The random number generating means for attestation
412, 612, and 712 The 1st exclusive OR means
421 The 2nd hash means
422 The 2nd exclusive OR means
423 The 2nd multi stage hash means
511 Ticket holding mechanism
532 The 3rd hash means
533 The 2nd attestation child addition means
611 and 711 Ticket maintenance management tool
621 Ticket registration instruction means
631 Ticket update indication means
632 The 2nd random number generating means
633 and 733 The 2nd exclusive OR means
721 Ticket issue management tool
731 Renewal management tool of a ticket
732 The 2nd random number generating means
812 Session key decoding means
813 Proof time check means
814 Certification information cryptographer stage
821 Session key creating means
822 Session key cryptographer stage
823 Ticket cryptographer stage
831 Ticket decoding means
833 Certification information decoding means
834 Certification information effective judging means
835 Approval collation means
6 4 <DC-'-rn*HciBi6©igiiE->X7'iA„ 
6^6 4 (DL^-rnj'jMtlBKOISilv'XT'^.o 



tiASciBlt©iSaE->X5^Ik, 

1 0 ] H5SI8SiE^'^ -y f- A\ -y— / ^»S'J^^* 

m^^^ 1 1 tuiBissE^'ir';/ h*\ mja^^-^ts 

!g«T*tl. Sui3W%[H]IS6^n-ktcM*^*n«c:t«1t 

^^if ^iSaiJSi nci3ttc75iSiiE->X7^Zxo 

[BS^Wl 31 B0IBIigDl-9--/^#ia«^s aOKsSII^'Ir 
lciBK£Oig|iE-> 7. 7^ A„ 

[fta^H 141 HulB'?7-r7'Vt> S5f3^§E^ 
nt^^^^ 2tDl^-m*HCf3l20)l8§E->X-7'ixo 

t^%7LXtS''). BuiB^^'TT'Vh^Ktix mSBIiSiiE^ 

1 ic iin^/T^ LTif OTIS pr^iR46 « t y X Ml B 

icSljiBISlaEf^'b-y h'BS^SlCHufBKSE^'^'y h^S^fr 
Sia^JS'T^L. tlJl3iSp^^t-/^#IS^*^ mtBWsL^^-y 
h coif /T^N^SttTBuiBISil^^^r 'y 1^ BS^^lziHulBsgliE 

[si^si 61 HuiBiRpr-y— hSbB 

SBSSEf^'ir'y ^.:&%^^■ri.^:<!:t^^:5I^TSIg^IB1tL. 
HufBISpr-y--A#ISli. Bijf3sSiiE^'!r'y h^W^t^t 
ttlcMlfraffiS-IBIiLv BulBISEE^^'^'y 

-y ^"^K^ fctiSuiBiSpl-y— / \'#iatcfjfBiSiiE^'>^ -y f- 
COaM^^nL. B3IBiSiIt»--/<#K$fi:liBulBiigpr-9- 
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n - k iHiai L/i:fe<D<t BulBf5LliE<t©SfffiMiSS«] 

<ts HuiBiSiiE-y— A'#IS(c|Slig^';r'y l-^g?RLs SuSB 

iWIB-f ^-fT'Vf-^Sft^ a— »fSasy?<!::i-+flSiiEtS 
$Bt-t-n"!iSiJi-i:iSliE^'!r>;/ KO*55btH]?S©A:^^?# 
^Kti^WLt. BuiBi8II+^— /^^IScfcyiSiiE^'^r-;/ 

#K J: V a.-+f ig|iE1tl8^?i5 1 <!: t ic MI3s8aE+f-/ ^ 
#IS<i: y SL»«■^ IT. c: n 6 cDSISlc/ \ -y -> 3I»^SS 
f / \ -y -> a #® <: s HU SB/ \ >y a #IS J: U ^ifc/ \ -y -> a 

<i«iteffiiiiciBti-r^^ffii3it#s<i:x mssmmtm^ 

TliHijiBA±I#IScfcy#5S!][H]!Kn (ntilESliS) 
Ts n m<D/ \ -y a mm^m LT'mc^W \ >y -> a 

ii!rf3s:fiE+t-/\*-:f eicas y . fijfflg!Rr#)©ttfct>TttBir 

!B^Rl-9— cfc y Pm\£i&. k ( k n J.XT(DIE^ 
US) ^mZ. n■-kS©/\•y->a;«m«^fiLT^#/^:^®: 
A-y -> nfi^BulBISRT-y— / N"#Klt j2I5^K/ \'y -> a# 

liE1f^»«#|g.!:. u.m^^mLzmE<7^^T>^-^ 

fciL-+f1igH1f?S<hBuiBaiS^fi)6#l5T-^^i!6LfcS.lif<i: 
(DmmKn + 1 {iS<D/\-y->a;1l3t^?T^-5m2(D^^/\ 
•y->a#|g<t. nijiB^7>r7'> h#SJ:y?#fc*l8/\'y 
-> affi^fJIBS 2 ©^S/ \ -y -> a #©T1#fc^K/ \ -y -> 
iL<i<»:BS^-ri>l^im^^S<!:> ^^StJ^f^-^-y hiaSiJ? 

^^K#|gJ:y^ifc^'^•y hfiSO?. HufBfgim^#Scfc 
y ntc^W \ -y affi. BulB-J' 5 -f Z > h #lfi<i: U 

t5iBiigprt»— HufB'J'^'rT'v l>#SJ:y^ifc 

igSE^'y-y h<7)lglI?^fillE-r5iSiI?^iiE?S<i:> B# 



J: yS/j:l^$iJ««liW*<0W«!)14*^x -y ^-rS^-^-y 

Vmm\-&^WLt. iSsI^'ir'y KCD^-ir-y f-SESO^t^iJ 

ffiiHii)fi:?iyifyffipitgiHi3s<!:€'«ar?.^'^"y v-mmm 
mx. m^<7^-fTy h#ls<^:y^ffc^S!M•y>/a^l^c 

k S©/ \'y -> uSim^fiS LT^ifc-;^^ia/ \-y -> a^l^ 
tb;b-r«S3CD^a/\'y v-a^Ki:. BulB^^r-y hfUffl 
es^KJ: y »fc*S:/ N-y -> affii: ButBIB 3 <0^^/vy 
5/ a#ia J: y mtz-tl^Wvy -> afi-t: ^RB^-T SISpI 

isi. asasu^^iBifrssisiESU^iBit^giiv ^-^^y 

#Sd: y ii/caJjg •S' ic A -y -> a S5»=&fi6-r a^T^'- 
^ A<y 5/ H5i3t»— / <ttji«fB1t#S <fe y mtc 
jill:^ieBi^^^ffl t^TSiJf B^^x- ^ / \ -y -> a #fS 
=fc y ^ifc/^-y ->aliSBg^'(k UTISBE^^t-r SttiiH^D 
iCBi^#Si:> SUIBx— S'ji«S#S!J:y»fcS«gx-^» 

<tiijfB«ji^:»?^Bi^#KJ: y I5fci8ii? t*5l*g-r « 
BuiBi8iiE?-«iiE#ifi6\ v—jKm-m^t^nmi^^ 

lli^*iB1I-r51B2<D-y— /^«ii»S1t#©<t. iSliE 

5^>r>y 5'<!:iigiiE?<ttc5^Blt-5ISiI?^«l 

^mt. KiiBiSiiE^^Mi^sJ: y »fca^e7^~— ? ^rf^-b- 

•y hSI»J?i:^l8/\>y->3.ffii:%Sfi(Hia4:^"ri*7.^«v 

n^isi:. tuiBisiiE?5^8i#ifiJ; y»/-ca*gx— S^lc/x 

iB« 2 o!)tt-/<tt)i«§Bis#is J: y mtci^mmyj^m^ 
u^mi-^rmEm 2 roa^x— s?/ x-y -> a#ia j: y it^c 

li*iCBg^t#S:t> husBt^— S'^J«l#SJ:y?§fc«tT# 

j: y mrcmu^tmKm 2 conmmys^v^^^m^ y ^f 
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Ma:&^CBi^^^^'a^fflt^TB^li33l*gx— S'/vy ->a# 

2©)iSex-^/vyv'iL#ie<»:x A'roijr«^lS 

ffl/ \ -y a fa <t: ?r ib^ L T Sem ^ tli ^ -r 5 tblS^IS <*: * 
[MSa?^ 2 1] luiB -J' ^ < > h #IS*\ iSHSLifc^ 

R)6*®;i:mi <D*ffteWiiS«#lfti*a«iLs SulBiSlI 
fflSL»^^#®f:>:. It— tfs8aE#Nilcfet^TSfiEfflSSLa 

^^fiXL. HijfBIII <DS^ffl3e^t^S«]?Sliv iL-+f'Kl|I 

mfimn^Vj-fs. -) Ti#/cJ«SL/ \ -y -> a fi?:tu!BISiiE+J-- 

My5/a#S«s «iJfB«l«ia«#S!J:yi8iiEffliL»«Bl 

y^'JfflUllBfk^flT. n - kS:<0/\'y->a;JIS«-SSLT 
»fc^lS/ \ y -> afii*Huf35gpr+*— / <f#Stt3l y . 
BUs3igiI-9— M~iFIS*i\ BijiBiSiiBS^#|glcf-1c;b U ^2 
(D/ \-y i/zL^WilSm 2 CDSPfteWiiSffi#S=&ftffi 
SufBS 2 \'y -> a#ISli, tulBISSEtf $BSa*S<}; U 

if P^Sl*. BUIBIg 2 CD/ \ >y -> a #^<i; U f# /c A -y -> a {8 
iffJsB^^^-t'T'V h#®J:y»fc«J35U\-y->afili:a)SP 
m/^mW^^M^iVyti -:> TSgliESiLii€-IX» Ls tuIBm 
2 (D^S/ \ -y -> a ^m,ts fiulBm 2 <DgfiteWiiaffl#S 
«J: y iffciSiiffliiLStlc n ©(D/ \-y -> aJSH^tr^tV 83 

^#fc^'b-•y hlSffl^^s HijSBm2 0^S/\'yv'a#IS<*:y 
ii/c^K/\-y v'afl. BulB'J'^-rzv tJ fffc+J" 



^iJ1tfBlcS-:J<^'i'iAX^«>yx Mt^lclSil-y— A#I8 

>y h<hLTHiji3'?5'r7'>t-#Slcj^^c:i:^1t^<i:-r 
^W^IS 1 8 6^6 2 0 ©l^-rn3bHt|BKfl5lSBE>'Xx 
A, 

[Sa?il2 2] HtjfBliSqJ-y— HijiBm3(D^ 
S/ \ 'y -> a ^KlCf-tte y m 3 CD/ \ -y -> a #^St>'S 2 cD 
igaE^f^tUD^S^Mffi L> tulBm 3 £D/ \-y -> a#Sli. 
«5^^ ^ 'T Z > h #K <fc y Sfc^lB:/ N-y -> a<ilc/ \-y -> 
aJUSLS-SSLTiffc—^^IS/N-y ->afi^tti:^ L. buI3 

^/ \'y -> affitijsBK 3 \-y -> a#S J: U mtc-^^ 

(i^ HuiB^^-^-y h^iJfflgS#ffiJ:yi#/'c^^'y l-lKSiJ 

+t-/rBagy?at/5^y*ysi2ias HuiB^^^'TT'yh 
^SJ: y »fc§^e/\'y ->att. BulBISpJU-Bt^KJ; y if 
/cB$^iJtf$6tcs-:iiX ^f-TAX^vys tiu-icispi-y— /\' 

[^^^2 3] 1 OtX±<DiSpI-y— /^#St. MISiE^ 

>>-'y hcD5iiTS0-*ij««>i?=&is-r«igBif^';r'y i-es 

#Si:«-M«Lv BulBiSiiE^^r-y h-<gS#IS6\ huIBIS 
U+t-/ J: y if fcigaE^^'^r -y h HiTSaJI/Tx^t i: 

s LT^ BusBK:pr+^— / N"#s J: y ntzms.=j-'T ^ v mm 
©n^tt^f' X -y <7 Lv y^m^(Dm^\z\,m 

HUl3iSiiE-9— /^■?S6'<. f^-tr'y \~m.m^m^Wi.^MM 

*B2#faefcyiffc5^'!r-y KffiSU^iiBuiB^^'rT'V 

SJ: ytf /-c-9— /<ag'J?Rtf^5aiBl»i:*"5^iiE^'ir'^ 
f-fliTSS*S^*4fiKLTl3SS8iiEf^'5r>y heS^SlC 

jMyv 

^SfiiLv SSIB^-Ir-y HSJteS^Slis HulB^II-y— 

/^#e*yissE^'>-y h^ifT^ifr^tttic^'jffliHi 
gi^^^sLT^ BijiBiSRi+J— /^^isic^ne^tin^u 
BuiB^S/ \ 'y -> a ? IStiv suf B«lffii31t#S* y / \ 'y -> 
afB^lXy m LTx 3.-+fiSiiE#)lltCfcl/^Tl* n S(7)/\ 
•y ->agiJI««SLT»fc^lB/\'y -^afil^MfBIBil+t- 
/^"#S:tcjMy> ?iJffllSRl#litc*5t^Ttit5l3^'5^-y h« 
J#BS#^<fe y if fcf iJfflEIS k «-if Tv n - k ©©/ \>y 
a gi»^fi6 LTif fc^e/ N -y affl^MIBS 1 OSPfft 

SuiB^IS/\-y ->a#ISJ: y if fc^lS/X'y ->afili:Byt3Ml 

61+^—/ s J: y if /cSLa t (Dmimmmmmn^nisi 
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ISSy^SIf +^-/ \'1«S'J? i: SuiB^ ^ -< > h #S<i: 'J » 
?4tiiE#l8J: Uf?=fc^S/\*v S/nffii^as:^ L. iJIBm 

ico^m^jiSL^mts SLjs^SfigLTSuiB-f^'rzvh 

^ISSt>~8ulBII 2 (DSflftWtSSft^SlCjM y s BulBm 2 

ISfflU ByfB^3(D^S:y\-y->a#iai±. S!j|am2<7)gt 
fteWISSifa^lS J: y mtc^W \ -y -> a ffllc k S©/ \ -y -> 

luSBKiiE^'^r-y K'BS^Kl*. tuiBBggI■t^-/^'#Sci: U 

X -y ^;S^fl5lS^le«Hui5|gPl-9— / 
KSE^-^ -y h-*i«5jl»]%33l-5 C t^^Wliinn^m 1 

[fS?R^ 2 4 ] Sgpr-9— / 1 •PJ.X±M« b5 
l3liSSE-9— f^-Jr-y h«tT^S#fift«-m<»L. 

■y— /^^S.fcyWfc^'Sr-y h!pJffl{!S#«'fci:lCf^-!r>y h 

sigij?^*fii3g LTmm^^com-^\±^^x-y <7 u 

^StiL. mtE^-'ry h«*#SS#l8!l*. SulBiSil+J— 
/ J: y ^lEf --5^ -y h ^fST^^r « tf^iz^mm 

m^'smLx. tji3iSpi+^— /^'^isic^ne^^^L. 

su IB^S/ \ -> Su iB^S&IBIt <fc t» / \ -> 

•y '^n.mn^mLTmrc^m/\'y nimmnmmv— 
nmm^^j: vrntzfrnisiis^ k t. n - km(ony 

a jSS^SS Lzmc^^/vy -> nfi^lulBm 1 
tulB^-K/ \ -y -> z. #K <fe U ?f fc^S/ \ 'y -> a ii i Su iBiS 



•3 Ti^mOtiSSL^K/ \ -y -> BulBlllRr-9— / ^^SlC 

tSiBKRltt— /S"#IS6\ tulB^'ir'y h^UffigS^ISlCft 
^^^"ry hW^^'Sm^Skt. S2coiLli^fiE#SSt>' 
m2roSPfteWiiajfa#ISt=&afiiL. BijfBf''!r«y t-Mff 

SA''*S)!]^5'x-rii^lc HuiBiSiiE?^^^iiE#fS J: U ^f fc^'Jr 

-y i^m]^^xf^-jmmi'tmti<7'^^T> h^^Scfc 
-/ ^^isics* lth6 y . Brii3iSijE+*— y tcimtE 

SiifiiijiBiSH^iKii^lSJ: U ?#fc^lfi/\-y >>o.mt^ 

5^1 y L. ^SI-^roJi^lcliBuiBm 2 (DiSpJ-9--/^# 
eicsSiiE^'^'y Hiieii«15iiiys H5i3m2<Daa^m 
^Sti. SLta^^fiXLTSuiB-^^f T'Vh^lSStftuiB 
m 2 c7)Sf«3WISS?P#IStc5jl y V SuIBm 2 ©SffftWiilS 
f D^ISli^ tulBm 2 (Daiir^fig* S J: y ^§fcSL»<i: SttB 

<7 5 -r T' > h cfe y /cJisL^ia/ \ >y -> n fs i: (DSfftij 

WtmSfi]-3lii:^^T% o T^IS/ \'y -> ifi^lXif L. So IB 

M2©y\-y->a#siis B5iBm2CDSfiteWias?a#«ad; 

y #fc^ie/\«y '> affile/ \-y -> a.3iJt«^ll6 LT^ifcZ::^ 

\ -y -> a fi^ til :^ L. SiJiBm 2 CD|gfiE^^«llD#IS 

i±v mss.^'T'y vmm^^j^'imz^'T'y hittsim -y- 
-/ <sigij?stf ^ y f jffliaa. Suf 3S 2 <r>mmm^m^ 

#is ct y ^ifc^is/ \ -y -> a ffls Bijf BiSprttB$#is J: y ^f 

/i:B#SiJtf$filC»-if< ^'TAX^^VX Mt>lc|gRr+f-/\" 

<!:-r«M5R]a2 2 lcfBi6<DBSHl->7.7"Ao 

(h. fijfBiSiiE-y— /^^laiclSiiE^'ir-y h^M5l?Ls SufB 
iSm-y— y^^SlCigsE^'ir-y f-CDfiJfflii8Rl«-S5R-r^^ 

isii-y— /^■#iajb^6<7^^7'> h^fatc. issE-y— /^^ 

RTiMSm^n (n»iESI») IslflfeLfrgg^^^^tr. 
h^Sli, BOiBsSil^-tr-y h-€'|gpr-y— m"#SIc5^LT 

mt'-k (ktinJ-XTcDiE^iSif) T-fe5<l:?. BulBIBffilf 
fglcfuSBFiT^f^^RrilTllS^ n - k SBiSL/cjillt^ll^- 
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iSfiE:^-;i= 

H>JiBi?II-<t-/^#ia;lEi8SEf^'!r'y h«il*L. KTS 

iiiiiE-y--/^'#S6'a'i'5-r7'> 

IS t ^ -< > h #18 i: Jt*-r «ife?gtiffllcm^<0^ 

m.t'^k {kit n&.T (Dmmm) T-$5<h$s tiJIB^Bffiti 

ffiicBuiBRiT^o^;orj£-35it« n - k mmLtzmnm^^ 
mtmEm-^mit<D-m^mmr?>i:ti,i,c. mf&vs. 

^©^RTiSSatJI* n - klslfifiLfcSI»|g»lcse»r-r5J: 

[»JR)S2 71 BuiBiSffiE+^-A#l66\ |g|i^'>--> h 

S^P3?U '^="fZVh#ISt*v a.-+f!giI1fffii:Bu 
tBiL»<!:<D»(ieii:S5iBm^<^)^5rj£;1im=& n + 1 [hIJSL 

I ^'^IStiv «Jt LT ii.-+f SSSE'ff $B t. HufBSLIi i: 
ji!gtCtuIBP/T^C)^Rlii£-;ilS^ n + 1 Ie]J4LT> -S-O))! 
»i^*<J:BuiaiSiEJi/T^'lf?fi<t<^»-Bj€-5iiS-rS<!:. buIB 

1 lH]SfiLf:>ll»Sm^BUlB*^ffi1f ?B<1: LT^ Sin 
icm^ro^Rrffijjm* n (nlilESIIS) SSSL/cSuIBBS 

tt3?]12 5 ^fc lit 2 6 lcf3S2coigfiE:)^>i„ 
[ti^RJS 2 8 ] BtJiB|g|I+*— / <#I8:6\ iSil^ -b" •> H 

IB^SiRU •i^vf T'V h^Slis il-+fiSIE1fSi:HU 
IBSL!!ai:(DjlS£(:HuiBp/T:^(^^Ria'j|IS^ 1 [h]1.X±SSL 

ft&d<lSft^faSlll«§%%BuiBf8liE£i^1f^t LTtimL^ 

sg|I+J— /<;#Sl;}:. «J$LTl^^J:-+flSSE1f$Bi:HufB 
fSL» i: t^T HulBISiI«5'.1t^*^ S SulBISiiEfflSLii?: 
5iSL. MfBlglIffliL»*Sys3»ffi1f «<!: LT. Ctitc 
P/r^ro^Ria»>«JI^ n (ntilE^lif) ESiLfcHufBSS^ 
1t$8^#tJSSiiE-:'^'b-'y h^mn-T^Ct^^tt^n 
^TM2 5 $/i:ti;> 6tClBtt©igiIE:S;Sc 



[!iS3?3S 2 9 ] 1 6^8 2 4 roi^-TnASClBig© 

igiiE->Xx^.T*^7T*-ti^iSijE:&>* $ /ciiiSmJS 2 5*^ 

[000 1] 
[0 0 0 2] 

^BSO-"^ (7) 3. - +f~*';-t - / S'^atc T' '5' -fe X -r 5 IE ^ 

^fH/tt-'fy^ymomWjiitLTii. Ker 
b e r o s sSaE-VXxATfflt^etl^ T T P (Trusted 

Third-party Protocol) 6'^— )9Slc5En6nTl^5o 

[0 0 0 3] wT. m^<D'y><fi\/^^>^>M<omm 

mT-SUs 02 4t*yP \-^)l'^7jitZfa hziyl/iz—ir 
>7.I217-S5c 1212 3at?E12 4lCfct^T. 8ni3.-+f 
-fy^^i-X^JtO^^^'TT'Vh^fia. 82l*lL-*fig 

[0 0 0 41 ^7^'frvh#e81i:^li+»— /^#e82t 

<DiL-+flSiiE#liil!:fci,^Tt*. a-+f'rv'?'7x-x^ 
i>LTAti*nfciL-+faisij?u I D<!:-9— /\msu^-s 

I D t ^igim/Tvlf $B t LT i: t * o /-cggHSSiAuthen 
ticate Request801«-J'5-<7'> h#S81*^igiiE-y--y<; 
#fg82(CHl y . irni::3* Lli8!jE-9— / ^'#1682*^ "vX 9 - 

FPW*li<hLTBg^'(b5-+l/-c-fe<y>>3>SS K€-i:t 
JfeofcKSEJCSAuthorize Request802^S8iI'?''5r KTi 

[0 0 0 51 SeiCs •J'^'TT'Vh^SSIilgoIHt-/^ 

*S83^:o!)^^JfflSpr#Ni^c^it^T^*v <7^-(t> 
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SMf-t y -> a >a S K TBf ^^k* nfcH.— tflSgiJ? U I 
D i: ^ 'T Z*;^ ^ V y T S k i: ^tS/T^tiSSfi i L T <*: 1 55: -p 
fc^RfS^Authorize RequestSCM^HSE^-^'V KTicket 
805 i: i: t iCfS rI^^— / ^■^SSSttJH V . Zinlcti LSSrI 
■y--/ ^'#S83J*|ig|iES3?Author i ze Request804lCjiltS 
^nimmtmm^'r'y Micket805i:*«SELT. lE^ 
<t|g46+l«1gRlii*PResu I taoe^JM y j§f t COTS 5o 
[0 0 0 6] J.x±roj:3^:/p H^yb-^—irvx^&Jto 

Br LTf iJffliS Rl^^T^ 5 ISrI+J— / ^~#IST-fe 5, 

[0 0 0 7] ^'5'rz>t'#S8ni. x-'j'CDiMgffl* 

•y -> 3 >a«^¥lft812i, LfclSfiE^'^- y h ^« 

[0 0 0 8] itc. iSliE+f-/^'#S82l±. x-^COjgg 
fa^?T%-5»2WiglSfi^«321t. ^JiJ^fl-^-rSB 
iiEH-ii^#©322<»:v /N'xr?- KI?©a-+f iSH1f?B!b^S 

«^n/i:igfiE1t$fiS«#lS323<»:^ tfigiiftisfttc 

Bi^«*^m-r«Hr -y -> 3 v»^fiE#S82i /^xc 

^#©822i:. -fevi/a VH^fflL^TiSiiE^'Jr-y h^fli 

[0 0 0 9] ^/c. lSRl+f-/^'^IS83li. X— SzCDiMS 
m^'ntji •? m 3 (7)JII§ffl#|g331 i:. Bt^iJ*l+B#-r ^iS 
prffBS#|g332i. UVL^'r-y h^m^f^^^r-y yiS. 

-y vmm]-&^mi2t. ummdi-mmmm^'^mtf 

¥iJ3E=&e*3aE^1fffl*«j¥'J^#l8834<t. BII^'!r-y 
h <!: igflESS^^ilP^lf $8(7) S t ^JtRBB^f «B 

[0 0 10] J.X±«^><fc3tc*S^S-nfi:tJf3!5CO->>y;l'+f 

1112 6^#BgL*6'!6KB^-r«o $-r\ '^^'TT'Vh^ 
S8nc33LNT. ^-+f e#*.T^-r3.-+fia)SiJ^^U I Di 
^il-y— / <#lft82tc « 8 i:46S»* tifc:i— ynuffl 
CD/'fX^- K P W<!:^|J^ISpI^^i^Wfe(D+^— /rsggij? 
s I Di:6^iL-+fA:^800i:LTA:^#IS8incA:;3*+i 
5 (ST310K ST8101) „ A^#e8in±. 



3.-+f A:^800^-B$«*$-ri. <t <h /\TO?310 
I^SXtilLT^^-y h«f##lfi314tcj||^„ ^^yVU^ 
#IB314tt. tt-/^S>J^-3101lC3lsKS-r«i8E5^'5'>y h 

x-'^^^H^LT (ST3 1 0 2) . im.^fmm^Q2 

siiai3io2*'««iL*5^r«^ic«. n— tffgima^i) 

iiSDBioi ^HuiBA;'D#IS8i 1 itiiii y . ^ (J li^tc 

ti. fiJffliSRl#)liS3iiiia8102^ij|B5^<r'y 
314. <l|ffiiB1t#S3l6Slf|iB^1t?BBg^#S814lCj||5 
(ST3 1 03) o 

[0 0 1 1] mfd.Kti^mmt. iL--^*MEmm]mm 

\QW^-Xib^^t. -Bt^JtLfcO.— tfA:^800A^6l!? 
tHUrc^ □L-+faigiJ^i:^t-/«lll{S'J?i:©)|B8103«Sg1 
<D5M§ffl? IS31 1 LTsSSI^iRAuthent i cate Reques 
t801<J:LTiSiiE-9--/\~#|g82(Cjiiy (ST8 10 2) . 
IL-+f1§^SiJ?81O4«iiE0^1t$BBi^#S814tcJ!l U . / \°X 
■7- K8105*-b«y-> 3 >»aH^#®812tc:2IS„ 

[0 0 12] igii+j— /^■^iS82(tj;i^T(*. mwmm\i 

thent i cate Request801 li ^ 2 <05MS{1#©321 TSffl* 
tu ffiai^tifca— tfSISiJ?820Ub^^iI1f$BSa#®32 

mi^^F'T-y hBi^#IS823tCilgSn. +J— /riSS'J?8202 
Ai''^'!r>y hPg^#©823lCiiil5n« (S T 8 2 0 1) c 

ssEif«««#«S323t*. iL— tfaiS'j^=^82ont5tHE;-r5 

/N'Z^- K^i^^LT (ST8 2 0 2) . ^y<;3Ji-&lC 
ti/N'Xr?- K8203^-fe-y v'a >aBi^#S822lCjStlv 
<^I^Sgmiiai8204^-fe -y a >liaEfi!6¥^S821SO^-t -y 
->3 V»Bi^#K822lC3ai% (ST8203) o *y-> 
a ya*J5)6#IS821t*. !|^|^ie^ii5E[]8204*i'<*y:&/TT-r 
li^lCv ili/clCT -y 3 >a8205^Sfi)6LT 
■fe -y -> 3 >tiiBg^#l8822Stf y h Bg^#®823lc:53l 
5 (ST8 2 04) o -tr-y5/a vaBg^^S822(i. ^ 
3giem>l*Q8204*i'^^ y ^Tntm-^iz, Hz -y -> 3 >a8205 
^/^Zr?- K8203«fflt^TBi^§^b LfcBi-^fb-tr -y 3 > 
1^8206^S^L (ST 8 2 05) . C:n«Jg2<DilSS^ 
#S321*^LTI?liEf£;^Authenticate Response802(i: 
LT^^-TT'Vh^-SSUCjSi. (ST8 2 0 7) „ ISBE 

a-i^#S322tt. iKffii^&j^sn^LTJiys ^aw^jtc 

L.T.^yymi^^'T'y hBg^#ia823(c« 

S&LTl^S, ^-b-'y hBi##K823l±. i^ggpiciSJt L-^" 
^giJ?8202tC3sHE: L/c-9— /^^JSa^fflt^Tv :i- 
+f laSU? 8201 i: +J— / rsasij^^8202 <i: ^ -f AX >3^3212 
.i: -tr -y -> a >li8205i; ^-Bf-^fb LfciSil^'Jr |- 7=^- 
8207S^fieL (ST820 2. ST820 6) , iin=& 
m 2 «)jiSS^i#e321 LrSiI^'!r -y h T i cket803 1. 
LT-J^^'TT'Vl-^lgSnCj^^S (ST8 2 0 7) o 
[0 0 1 31 •^^'TT'V h#ffi81lCfcl^Tli. iSiifSg 
Authenticate Response802(tll1(7}i3£Sfi#^311%^/^ 
LTBi^^k-b -y -> a V^sioei LT-tr -y -> a >a«^? 
^812(ciM6nx im^'r-y hTicket803ttS|1 
#S311^:^>LTISfiE^'!r-y h7=^-'Sf8108i:LTB9iB5^ 
^•y h«J##IS3l4lc3l6n^ (ST8 1 0 3) . buIB

/Km\=^'i^io^tt'tl:5^■^^■^■zunn (ST3 1 1 2) „ 
^y'ys >msmy^mnit. S^mt-ii -> 3 VII8106 
^yx'Xr?- KSIOS^fflt^T^^-fbt-^ (ST8 10 
4) „ yt-^T. i]£L0V\°7.7- F6^A:^S-*lfcJ«^lC(7) 
Lt^-b y -> =1 >«*^iS C t So -b -> 3 > 
litI##fg812T(i6n/i:H2 -y -> 3 va8107tt«Mei31l 

[0 0 1 41 i|ia?l31f#IS316». ■b-y>'3>«8107* 

(ST8 1 0 5) . pmm^mmmw]mmmt^^xe> 

ntcm-^lz. IBUI L/c-b -y -> a Via8l09«-iIB^1f «Bg^ 

SBBi^^ia;814lCf«$&LTl-^«o iiB^1t«Bi##S:814 

fiJffl|gpr#lil^iBifll8l02««4A.6tiSi:x 3.-+f 

IS^SUTSI 04 i: ^ 'r 1x7. -S! > ^811 0 ^-b 'y -> 3 V1181 09 
^fflt^TBi^^b l./ciSaES*5^iIR8tS$li81 1 1*ifi2 L ( S 

T 8 1 0 6) V a)aism#®3ii*y>-LTi8 

RlgSRAuthorize Request804<!: LZm^V—z^^mHC 
(ST8 1 0 7) „ SuiB?'>--y l~fSJt¥S314t*> 

f 'jffliSRr#)ii®i!()a«]8io2*'i#;^ sn-s is / 

mi tDj2l§ffl#l6311*^LTiSiIE^':r-y hTicketSOSi: 
LTiSpI+*— /^■^^SSBlCillS (ST8 1 0 7) „ 

[0 0 1 51 igi'7-y— /^*^883^c^Jt^T^*v ssris^au 

thor i ze Request804lim 3 (7)3MSffl#IS331^^ LTIS 

tl. ISiiE^y-y r-Ticket805l*m3«)>IIS<§#«331«/1- 
LnSHf^'^'y Kx-^BBOItLT^'ir-y hm^#fS83 
llCjUe-tli. (S T 8 3 0 1 ) o ^^-y ^^I^#IS831 
it. mUi^^y hx-^8301^rtgPtC«J#LfcSt»--/^ 

WSftfJ^^lgssiilCjM Us -b >y -> a >a8305«:iIW«a 

a^#e833lc2:« (S T 8 3 0 2) , ggRrtf-^#®332 

•y K mmi'^mm32RxjtsEmmm^mi-&^mMim 

^'b-'y hWSa¥ij;^#K832«. +t-AggSiJ 
?8303i: rtSPtciSit Lfc / ^fSS'J^^i <D^¥iJ^« 
ft*-5i:<i:tfC. •Sf-l'AT.^'V :''8304 <h ilffiB^SUtf $883 
06,1: <DM*'<F/rS<DW3S!jaS|5B<7)®Hl^ T-S S d t ^ X >y 
<7 LT. l^-rtltST»««^tca— 9m'J?8302«^ 
-iT'y HL-tf"iffi!3U?8307<i: LTigRlP,?.^#®835lt»S5 

(ST3 3 0 6, ST3 3 0 7) „ iie^fliaia-^-*® 
833«. iSliE/lSif;'liE^1f $S8308«-b -y 3 >«8305€-ffl 

^ V78310i:^]EB^11ffBW5a¥U:^^IS834lCjMS (S T 

8 3 03) „ m^^^^mmmmt^^^yyh^^&v-t 



5« !iE0J1tai*a¥iJS#S834«. ^'r/*X^>7^8310 
<!: llSBtSiJtS?88306 i: (;5M<)''F/TSCO^SIM«oeHF*9T» 
S C <t X y 'J' LT. KT'SSIS^ICIL— 91«S'J?83 
OQ^a^IL— tfaffiij^83n i LTigprH§^#®835le:jil 
5 (ST830 4. ST830 5) o lSRlS^-&#lfi835 
I*. ^^-Jr-y HL—'/ISSiJ?8307iiiER§a-+fiaS'J?8311 
i:<D— a*iJ^«?T*t> (STB 3 0 6) ^ MT'feS^S 

itw^mmiM-^. m3CD3^§ffl#iS33i5:n-LTispi 

aaiResu I t806<t LT^^fT'Vh #S81 ICJM U ( S T 
8 3 07. ST3 3 1 7) . '^^'TT'Vh^SSncfct'' 
TSffltrn^ (ST 3 1 1 8) o CCDi^x — ifefiJSft^ 
Si^^fcii^v a-+f!«SiJ^i:^f AX^^V/tA^iE 
L<^#6tlTfcyv cnii-J^^-rT'Vh^KTiELt^-b 

•y -> 3 v-aA'^ffli^ en/c c t ltjj y . z. niiiE l 

liSliEi^* <»: f UffllS RllBm <t A'^-SUr d <!: ic * 5o 
[0 0 1 61 

[#|P^A':fS>*Ld:^i:-rSSSil L6^L^/)"<6. ±mi 
[0 0 17] Sfcv ±iB?tf*a)«lfiXTiis 1 oroisil^ 

h<7)Bt*6^:^— «¥lj!*nT^IE^7'-?-b7.6MTS*5tlfc 
[0 0 1 81 immts C d Lfct*f5l5<DiSSi^(K-;^if « 

[0 0 1 91 

[isss»;*-r*^c46<D#ifii cKDisii^Wj^-rsfctt 

tc. sue. *«blHia««n (nttiEfia) T' 

L83iBaiI^'!r'y h <!:!l^LT5PJffl^pI-r5KRr-9— 

<!: Sit. HUIBISH^^ 'ir -y h ti. ^'r-yV t m 
t». Bui3iSII^'!'-y KCHSffllsllitt^k ( k ti n J.XT<DiE
[0 0 2 0] CtUcJ:y. ■J^^'TT'VUIiJTOiB^ft^ 

[002 1] HuiBlflsI-y— /^"#ist*. 3.- tfIS 

liE#)iHcfeL^TSLIif^*)36Ls cn^7jiLT'>^^T> 

iI«l/T^'m?S«. gui3*BffitgffitCs!JiBP/r;£©^pja!-;«»* 

[0 0 2 2] iIn^cJ:^J. ±t2i^mcmxT. 

BE^ 11 33 T lb ■? -7 < > h «iJT-«)Bg^fllS«:*£^g <*: 

[0 0 2 3] m3lC. suiBlSiiE+f-A'?atix 3— +f1S! 

m^^^mt. Bu!e3.-+f'|giitf#gStfiulBSLia<t:<D3l«g 
t!:i}iBRfr^ro^""5ri5*3S»* 1 l5lJJ(±fi6Lfcta)i:-?^'(' 

[0 0 2 41 cmcj:y, ±SBS(J^tCj3D^Tv iSlI^^'ir 
[0 0 2 5] ^4lCs sljiBP/r^£0:T:pI)ffiaiif*i'— 

[0 0 2 61 cnicjcy. ±ti9):mcmxTs "p^y^y 

[0 0 2 7] ^51C. tusBiSijl^^-i' l-lil«^T#iSESiJ? 

Buiaigpi-y— /^^isttx fUffiigRi-r^ -title 

1f $Bli. BuiB*gg51f fBtCBuf3P/fS<D:^Rja??Ig^ n - k 
laSfiLfcfcroTMilTS-ns B5i3*?aiBlllSl*x n-kT-M 
Wr^n^c: t^&I^Slt LTt^«, 
[0 0 2 8] JltllcJrUs ±iBJ!!lSlcflnxTs iSIE^^'ir 



[0 0 2 91 mett. msi<7^^Tyv^mt. hubbis 

h t <!: t tc C tl€-^ LTf OTBSar:&?>?A65't OTTfe X 

1 1 lCB?li3ig|I5^':r h gS#SlC BulBUglif^'tr -y h © 
5^^TSS«^li5^t. buEbSpT+J— «9l3^iI5^ 

-Ir-y h<7)^f/T^?-§ltTHijfBiSII^'^-y h WS#ISlcMf3 

[00 3 0] cintCcfct). ±IB^<J^lCj]n;^Tv SSIiE^'Ir 

[003 11 m7{z. m^<7^^T>h^mt. bubbis 

h- 1 i: t ic il n^^v LTjFiJffliSpr^3?465 t.<DT-fe U . 
S5i3ISRl+t-/^#lfi^^it«^. Bfii3lig|iE-9— 
t*. MI3SSE^'!r-y h^^tr-r^itttcStraS^fB 
tlL. tulBiSpr+t-/^~#Kti. HulBSgiiEf^'^r-y I-^MI/t 
f «.<!:<!: tlcM«i®M«i31iU Bij|3ig|I5^'>--y h©*! 
5T^Sl+THul3igaE^<r -y h 0%?T«SIS'J^ ft^T^t- b3I3 
miE-y--/<#S$/j:tiiui3SSpr-y--A"#IS(CHutBigSiE^ 
-S^-y BljiBiSBE-9--/<*^S*/j:l*B>jlB 

[0 0 3 2] C:tHCj:y. ±i3^ftlCt]n^Tv iSII^'ir 
•y l>'6'!Mifi*tl^v':X7'-^»li^*5l'^"2^- i8ii5'';r-y hWfU 

[0 0 3 3] 

[0 0 3 4] (m 1 <7)^fis<73RJ») m 1 <7)^ssf^iii©BS 

aE->XxM*x 01 Icg^t-J:atc. a— tf'fV'SJ^i- 
[0 0 3 5] <7^7■<y>h^m^ tmpJV—j^^SiSt
«o ^^YZVl-^Sl iiSiltl— /^'#IS2i:©P^t*st^ 

ffiJx.«/\°x':;-K. ^tiia:&zeBi#ii. ^tdt'tti 
[0 0 3 6] ^-i^-Tzyt-^isi lis fmm^m^vm 

nB (ntiigiiE5-'>--> hro*S/)[Eliaf) tT^ofc^^^B? 
^^SrSo sSSE^ttSaE^'^-;' hows' A,|»±<!:«tT# 

[0 0 3 7] <7zi-fT>h^fSM:mp!V—fi^m3ii 

If ?B 4 lc^Rjj£;]m f ^ n - k la ( k tilf fiE^y h 

« 6 »iteffits«ii 4 6 ^o^mH«^c^*ltm■r 5 ii <t *^ 
■z?#SC''f£:a6. r.©SlgRl««6tcj:y«jffi««4*5a]5 

fT*t>nTl^'5/:a6x Croa5^1f«66^635c<DS/Tr1tffi 

[0 0 3 8] <7zi-Cy>\-^mM,t. C(Dm7ji\n^6 

f * k IH]^^^ ^ f :SeS6''iglI^'5r H 7 A^#t?Bg^1f |g 
ic-a-r « C <k 05t^ t ^'frts. o T. iES i:^d6tlWs8 

[0 0 3 9] c;o):^;Sicj:tJ. '^^^^t'v h^isiii^ 
ffilf fB 4 ^|gpJ+»— / S 3 *$a6fcmH^tCB^*^^ C 
<!:«:< V n lHlSr-^aE5=-'!r<y h 7 LT?'JfflsSRr=& 

[0 0 4 0] ClWcfcaiC. *IIS£<7)Jf5^<7)iSiiEv'7.xA 
l*^ mnmWLl^^n (nttiESa) TiB^Sia^'^'y 

<!: BS^ LTf iJffilS pl-r S^Bl^?--/ \"#S<!: LTU^ 

[004 1] mimvs.'f-'Ty Bg^iffSfD^teic. 

^-ir-y htaSU?. *S)!]|slili. fl?TBB#s -9— /^^ESy?* 



M^ifsti. iiSBEf^-ir-y h(^>li^T«<i:^^-1'7'>h 
#®<^:*i««w•r«i»ffi1t?8^cB^!^<^^pIa^gli^^ n ESS 

[0 0 4 2] Lfc^HfiiJlCcfet). ^^'TT'VhffliJT-ro 

[0 0 4 3] (m2©iijfit^flj!g) f^2(o$^mwmo)m 

[0 0 4 4] c:<D|gSE->7.xL>li. ia2tc5^-r<i:-9lCv 
3.-- tf-f>-5»7i-x«l#-p';?^'r7'>h#siits =L 

-+f|SiI^tT55:3iSH-y— /\"#IS12^. '>^^T> 

-/«#lft3i:*>6fiRyv -S^^-i-^Vh^lSlltMlii-y— 

A#IS12Sl>1SRr+J— A~#:|S 3 itDF^li^J^Sfcti^Jiii 

/<#iS3t*mi <7)iis£fiJ«i (Ell) tm-T&^j. $ 
fc^ ssE-t*— /^#i8i23&^6'?^-r7'> h^smcinyjs 

#S3ic5ini-r*a.T^xif$ast>'i8Ri^'^'y ^sicis 

iSBrjiJa8tcoi^Tt.v mi®si86Je» (Hi) tm- 

[0 0 4 51 SKOlSSEv'XT^lKi^-S'^'rT'Vh^Slli: 

A:ti* nfc/ \°x -7- K p vjtmmv—/ <#ki2 j: u ^#/■c 

c: ©Sf&lf Siuii; 9 - F p w «JQ etii^m^micit 

[0 0 4 6] '^^-I'T'vh^SiiiiSiiE-y— /^•#Si2i: 
cDrL-+fiSiI^)iilcj50^Tlix ISiiE-y— /^'#IS12«:SLI» 

W iiSil-y— / ^■?Sl2cfc y ^#/^:SLiit R t <D3l^(C^pIi2 
/HJI f ^ 1 [Hl^^% o T^i5ffitS^14^Sai Z. ©^Sgffi 
«14tc3- 6 tc^plj2-3l[|| f * n 13 (»» n + 1 1sl. n « 

I3i LTigaE+t-/S~#iei2li:5M«<. 
[0 0 4 7] CtltCJtU ig|I-<t-/^#«12». SSSESI 

<!:. ^i!ffi1t?S14lc:f prjS*>SS f ^ n [iltT^ fcSSS^SS 
^jiuis-To -?5'-r7^v h#isiii*. cn^mmw^^

[0 0 4 8] ^/iu ^5-1'7'Vh#lfi11<!:iS5JHt-/\~# 

S3<t<ofJffli8Rr#Ni^c^>t^T^*s <7=7■<T>^•^m^ 
•y h©fyfflsSprf=)iiiT©fieffl[Hij») mi-ordi^^^m< 

^i/^^ts$66^*lisgf■^f^B14:s■^[]e^l^mH«^c^it^■ll■r« 

^T^^^nT 1^-5 /cA6^ dCDJi'T^'tf $6 6 iS^^'^CDm 

[0 0 4 91 ■y-.j-i'Tyi'^mnt. ircDa5^if^6 

S3 lc5Mt)x cniCjRt LiSRif— /^"^SS (iKII^'Ir-y 
h 7 *^^trlSiItP^(D1lliiE<*:v ^/T^slSfB 6 tc^Rlffijlim f 

[0 0 5 0] C05^^lcJ:*J, '^^^T'Vh^Siniig 

[005 1] c to J: -pic. *iifisa)fB^<DiiSii->x^i* 

^aE^t-/^^e6\ IL—^fBE#)li^cfcl^TSLIiJ 

If «<!:SL»i:<^jl«gKmS©^pra!3SII« 1 iaJJt±fiSL 

[0 0 5 21 Z- yLfcmrnKJ:*}. SBl©jl)*J^!K<DS(l 
Stcljn^T. a-+fiigii#liiic*5t^Tt.<?^'f T'v f-ffl 

[00 5 3] (Ig 3 CD^fiScOffJSI) S 3 CDSIfigf^jilCDK: 
115/ 7.x ATI*. H 3 tC/T^-r J: 3 •J^^-TT'V 
21lc«feoTifiE*n/-cl8SEfflaiJ[*i««5ffi1f«24<!: LT-? 

[0 0 5 4] c:«3[)->XxA7t*x a-+figii#l(lit*Jt^ 

5>r7'>h#®;'.1^cig|I^l/x^1S?B^M3^■r?.o -^^-tt' 



i: ^ 5 'T 7 > h #a2l]b''*gffi«lt^fi)6 L/cifegffitSS24<»: 
<DStffljWiSSfP«S««BgSESi5MflB23i: LTKaEt>— 

^miic'^^. mstcfci^Tx ia# r@j «stfte«iss 

m (EX OR) m^^TTsLTl^^o 

[0 0 5 51 ctiictiu isa-y— /^#®22», ggns 

5^1til23i/<X'7- KPW<!:SL1ISR i:*^eiSSLT*2ffi 
tS$825:S:^46«o ^LT> COT^itSffitf $S25lc:Fpja!-»S 

icjU'JjS-To '^^-i't'v h#S2n*. cn«-?Offi^w# 
5^tf $B236';)ii ic^'p 6 n/ct<D /■£<!: fnt*; 5 -< 7 > 

h#S21T-iSII5^'>--y h 5^A#f5c:<*:*^T?-Tt>s 
<3b'<ISIiEffi/Tx'ttlB236^ 6./ 'vX9 - K P W igLiSR i: 

««t^TiS!}^Lfc»ffi1l^«25^*^^^'r7'> h#e2iicii 

cD^JEfeZ -b 7. ^-r i> C <!: /y'T-^- *o 
[0 0 5 71 >:7^-<7'Vh#IS21i:^oI1^— /^■#K3i: 

(D^|JffiiSoI^lli^^:^Jt^T^*. "p^y-cry h#K2i6^^isa5 
tf $824ic:t: PiMsm f €• n - k [g ( k \,tmu^^ 'y\-<0 

T'^j&t^fcA&v c©jia^nj«6icj:y»ffiif$B24=&«i5 

=&tt3*"r5C<!:t>T*'5:t^<7)T\ Bg-^'fbcDi^^^t.'&l-^ 

[0 0 5 8] ^5'<7'Vh#lfi21«> JltOa^T^lf^e 
«x «}tLTl^/ciSiiE9^'b"y K7<!:i'felc|8Rr-9— /^'# 
S 3 \zm y > CtllCJ* LgRT+^-Z 3 tiKilf^^r y 
h 7 6^$triig!I?CDmi<!:. a.T^lf ?8 6 tc^PTiffiSS f 
S k|sl^T%o/■c*g**^ig|iE^':^•> h 7 6'^^tJ^^1S?Sli: 

[0 0 5 91 CODT^aiCcfcU. 'J'^-fZ>h#S21«v 
!KSffi'tg«24^/'CX'7- KP W^gRpI-y— /^#S!3 «^i6 

[0 0 6 0] c:0)<t5lc. *SI)5£«7)flJ^<DiSiiE->7.7-/x 
SB) i:roSfffl3WliSffi)SS)^ST*»Js c:(D^?51f?g 






2000-222360



[006 1] d-p L/^:«t^^^J:y^ iSE^-ir-;/ hA^^t; 

[0062] (% 4 (OHfi&m^i) % 4 (DUt^ffiT 

lis H 2 CDSISSJ^ ffi(^SgliE->X5^ AlcfcHt?)ft<*e*)%ji 

[0 0 6 3] 04ii. i:<7)->X7'/*Ta)yp ha;u^5^ 
hl];U->-'>->'XlilT««o E14(C33C^Tx 311* 

-^^'■igiiE^^^^ai8II^t- A#S. SSliT'-^-tX^tPlS^ 

rs(K |~)J «fflK^«t^/ciSfiE^^^^^MilSS.X^Lr 

[0 0 6 4] ^5<Z> l-#ia:31i:ig!iE-9— /^'#S32i 
(OIL— tfsgaE#llliilC*}C^T{*. $-r. '5'^-f'7'>H#S 
31*\ IL-+f-r>-Si7i-X*^LTA:^#tlfcIl— »f 
SISU?U I DtV-JKm^^i^S I D<t«-<!:t%o/clSII 
g^RAuthent i cate RequestBOl ^sSsI+f-/ ^"#S32lc 
d(DB$s iSIDiS^Authent i cate RequestSOId^lSliE 

[0 0 6 5] c:*l.tC«LT> g!aE-9— /^#ia;32». «|s] 

5 J: 5 IcSfij;* tifcSLiS R 0 ^ i: t ^ o /clSil^ -v 
U>v>"Chal lenge3;02«Sy)Sro Ctl^Sttfc-J'-^'rT' 

tc/iX'7- KP W<t:gL!KR 0 .hf^iliKtcJtf LT n + 1 1S 

<D/ \'y -> h ^mLfcmm^ tttji^ tcmti^ u 

>5>f5SRespons(!303^3M U Ls C tllC J* LSSII-y-- 
/<t#l9;32tt. 5^-^ U>v^{SSResponse303lCiJJtS n + 
1 |gA'yi/a3l»^^^:g8^^^ofcn+ 1 iaM'y->a 
■;j|||iieSi*Jte:«iiELT-Sicrti«iEa<i:i2i6. ifffc 
tC^mLfc^'^'> l-iKgiJ^^T I D,>:n + 1»/\-y->i3J 
Siie^i:^'rL>7 ^5!>yTS Ot+J— /^IffiSiJ^^S I Dt 
SgE+^-/\"32S^ ;&/T^-r 5«^^«!ffiSy? I I Di^i^l,^ 
0^l§II?«*#fiQ3 +l/cgSII5^'!r •> h- T i cket304:&jM U jS 

r, •57^'r7'>h#e3i«. ^:^^«fJffli8Rr^)e■^?fflt^ 

[0 0 6 6] -^^-rZ^ h#S31iigpr 

©33i:0!)fiJffl|gp #liHJcfct>T». <7=7-(T> h#l831 

*^liSRlS5RAuthorize RequestSt>1SliE5^'^'y hTicket3 
05«igpr-y--/\~¥'lft33lC)JI«o Ca)Btx igpIg^RAuthor 
ize Request*^:i-+faEg'J^^U ID^ii'fe^dtODiL 
TtJ;t\ uniLtiLT. BigRl-y— /\~#IS33l*v 

UVi^Chal I en(|e306^jM f iSf » Ctl^SttfcJ'^-f 



S?t LT n - k + 1 \>v -> n mW H ^SS LfceS^fe <t 
t. 35: fesgpT^ A' U > 5>JS^esponse307:&S U « 

[0 0 6 7] C:<7)/\'yv'a-^iimH)b'^3=E»S^^-73lR]'t4 

•>'->n.jSIIUeilli/'C7.7- KP WSt>iLiBtR 0«53J6^ 

/ \ -y -> a 3tS H i: LTt*, «<J^»Sf M D 5 S H A * i:'© 

[0 0 6 8] Z^lZfiLTs iSnI-y--/S'#^S32(i. sSpI 
^^-V b>'y);S^Response307tttett^ n - k 4- 1 ©A-y 

•tlSli^^-ir-y hTickettcfcn:f5n + 1 1S/\'y ->aJSII^ 
^i^itgHeillL. — a-r+l«iEl<!:|gA6mRl>iaiRe 

suit308«5isyjg-r. mwMwiimmmm^K 

J: U -t X A'^if pT* tirclim lnfo«^l^^(ci:t*-5*, 

[0 0 6 9] J.X±<DJ:-5«:7'o |>zi;u->-^>xit J: 
•^^-l'7'>l-#©31li/\°7.'7- KPW^sSpr+t- /\" 
#IS33^#46/j:mH*t=B^6^-r C .h'S: < ^ n EIS TlSH 

^304*^IfflLT^OTiSpI*^#*^:<!:*'«7•#5o 
[0 0 7 0] c:(0J:-5^yP hn^Ue'-'!r>X€^J#-Pi8 

[007 1] 05^Cfet^Tx 3nin-+f-r>^'7i-X 

33^i7'•5'-trxttlPI€•*|JW^LTf|JffliSRr*^T 

[0 0 7 2] ^^'TT'V h*®3n*. "r-^OmSiB^ 

-SA:»:#ffi312i:. 2o©A:^^aseLT/\-yv'a;JIS 
H^fiF3S:3/\-y->i#S313t. ^l,tcVm.=f-'ry V 
^^i^-r^^^-y h«J##S314<i:. ISiiE^'^r-y 
l^^cSllcfSUTSaSSiMS?^ 5jiaSS»?#K315i:v /\ 

[0 0 7 31 m-iomsm^mmt. mm^-y k^- 

^x— S^iifl*- K-^P I A F S*- KHro^S^-rv-J? 
7i-XSBs I r D A^v''a-;l/»(D#i^ii«-1'>'S'7 






■^X^ '5'*;-/^ h^<D^K'rv^r-f 

mSEti^o flis3i*R#S3i5ii. ■ffijx.aiiaiHiKA^iSffl 

T'*5o «lffifB1ll#e316{i. <!»J^(f I C*-K<D«J:3 

5„ ^S/\-y->r.#®317t*. ■(5!l;^«'/\-;'>'rL-;SISH<D 
7;b d~ U XI*^iiyi*^ii/o/i:)1IS[£]KlC tH 7 - F/ < 

iB=&#ift* V -r □ a > tf i — $( $ fc ttiftffi □ V t° i - 

±ro □ > tr :i — 5» :7a ^^'^ /x^ffiffl LT J|3S LT tfi 
[0 0 7 4] ^tc. mVEV—i'^^mHi. x-'S'tDaMS 

% 3^2 cTM^m^mi-i immm^t^m-r 

SiigiiEH-^«ft322i:. AT. -7- K»a)a-+f^iiE1fffi 

=&gsa-ri.iSliEtl?BS*8#IS323<h. IL-+f1SiIjiQSS 

icssL»*^fi)c-r<&iL»*fie#K324i. ■^^enft.fcu 

1 1 ^t^lKBtro/ \ y -> 3. 5S» H ^nts o%2 (O^Wli \ 

i/a.#IS325,i:s 2 :pcD^IS/N-y ->a.ffl€-JteJBg^-r?) 
iig|IBg-&#IS32e<!:v ISiiE^y-y h§g^7SlciL--':7^ 

[0 0 7 5] m:2<0)iis{i#ia32ii*. jSffl;?-'^ i^r?- 

7x-X««. I r DAt->'iL-;Hf«D#i1-i^'r>"5'7 
i-X^IS^5:i-rifS^*n5o igiiEftBt#IS322li. filj 

sSiiE'lffB»ei#K32 

rs.El:mm-^ti^. m2ro^ga/\-y->a.#ia325l*. <5IJ 



0 XA*iifl*>^A//c>SWl2lKS0=/ =E 'J UlSSTti 

fcli;/lffl a > b° 3. — ±<7) =1 > t:° a - •$< T^p -J^'^ Zx^ffi 
^'5 »J Rltg^J^iCTT'P -^"^ AiB»j«»:lCf3S 

[0 0 7 6] Sfcv ISpl-9--/<#S;33t*. T^— S'WjiSS 
«^if3S:-5«3(D3SSfa#S331t. ^«I^^J«ttl^f 

5iSRri+B^#S332i:. ISII^'^-'y h tC'(\fJ)D*n/i:^liE 
?^^;KliE-r*iSijE?«II#S333<!:. ^ilf^-Jr-y hO« 
attW:£=&ff^-5f^'!r«y h«3il!)!|9J^#IS334i:. ISaE'?^ 

-y -> i H * 3 m 3 (D^S A -> n ^^33 
20<D^«a:/\y->:iffi*ib«a5^r«S8pr^^# 
IS337i;^«i:^T0^i)o 
[0 0 7 7] l|3ff>illSffl#S;33n*. jlfi^-y h^- 
-J^OJSSltlSCTfflljltSL A N*- K«<r)L A N'T 
7x-X^S. iS^-ST^Jl/Z'S'r^lfcD I SDN-O-? 

7X-XSS. =ExA^©aiS'f>'S»7i-xsBv m 

ST^'—Siil^I*- K-^P I AFS*-K«f<D»Rl«'r>^' 
"71— Xi^Sx \ r D k=E=Jn.-l\^m<D^^9*tU-<y^y 
i-X^S^i:~T1?l)36T*-n^o BSRrH-B##®332(i. 

\t. KSE?«SE7';Udr'JXA*ffl*^iiA,fc-3iWHlKSl>' 

I*. 15iJ^«ht«lslK©ffi^-fe!:lCJ;y«lfig*tl*o ^<r-y 

h ^ijffl«s#s:335tt> mm^Wi^vrn-i-^mmmitt. 

m 3 (D^m.l\-y -> ii.#g336li. <5IJ:^«S 2 (O^^/Vy 
•> n #S325 i: IH^CDjUSSKT-* -izV-SKDT^'J-b-yf- 
ffi**«»t>©T'«im*tl«. s8pr!iS^#S337lis e>J;^ 
«JtKIllSS7-«J536*n«o ±fBS#l8;^V<'?P 
□ > tf i — ? « /c lisRffl =1 > :i — ? ±ro P V If i — ? 
:fp-9^7A«fl!fflLTII31LT'feat\ »5t^«*<DP 
> a - ^ T^P y 5 'J ^tg^JTJiCT-r P ^ ^ A 

iB^ii^^icfB^L. yn<f^L.mmi^mw)^mtm 

[0 0 7 8] JJ(±<OJ: 3 (c^Sfig* n/csSSiETD-SSO-'ISliE 
->X7^A^c^5l^T^ J.XT^<7)i()fftcoi^Til6«#B§L 
Sft'^eiK^'T^o ililTlis ig|Ig3cAuthenticate Req 
uest30l3f]i«i81IIf''!r-y h#J8!ilsian«^<!:t»^3Ji-&lC-p 

[0 0 7 91 '?7-t'7'>h#S3nc*3l^Tx a- 

^e6^L;46g^?n/i:rL-+flgIiEfflCD/\°X'7- KPWi 

^yffiiSRI^^#^>|^^^<^■y— Miasu^ s i DiisEf-'ir-y 






A:^*n« (ST 3 1 0 K STB 1 0 4) „ A;':# 

m.'f-'r'v h^-^^mm^x (sts i o 2) . i^mm 

^al*a3102*SaS!iMJ/?#K315lc3M«o 5QSjMJi?#lg315 

«S3§!iema«i3io2*i««iL«5^-r«^ictt, tfis 

a?S3i7iC)My> *y*/T^-rii^tcii (ST3 1 0 
3) . fijffl^Rr#jeei()ii5ai3io4*Buia5^'^'y 

«a;314i:«|ffiiBWFS316i:^©/\>y->a#Bi317t»c3S 

So 

[0 0 8 01 BufE!A:^#ia:3i2t*. iL-^f^ismima 

103AWx.6nS.t. -B$«JtLfcIL-+fA^300*^aiX 

aa L/C. 3.-^w}3\^t^-i'\mm^tm%mWi<Dm\ 

05«-|| 1 ©i^§ffii#S31 LTSSIiEgSRAuthent i cat 
e Request301 1 L TsSSE-y— /«^«32ic3iy (S T 3 1 
0 5) . *5aiH]»3106^^IS/\'y->a#IS317lc2|y. 
/N"^^- F3107? /\-y>'i#ia;313lCjJI5„ 

[0081] igIfli+^-/<#S32^c^^,^T^*^ ^ses^u 

thent i cate Requ(;st301 \tW. 2 <^jM§ffl#S321 T-g-fl* 

n. ixa *n/c3.-+fiasij?32oi A^mitf igsa#s:32 

3{C)ll6n. ^j5!lli]ilS3202*^||2 v'rL#|8325 

a^^=BKSE?f^H)^#®328^c3l6n. -y— /<aKij?32033{]i« 

igiI?^Tf})n#IS3:'.8lCj|ietlS (S T 3 2 0 1 ) o ISil 

it?g«a#S323ti. iL-+fiasij^^32oi icm-r 5/ \°X 

^-K^iBliSLT (ST3 2 02) . ^ycDH^tCtt 

(ST3 2 0 3) . K3204^m2(7)5^IS/\-y-> 
a#|S325tCiil y , «l3§iemji«3205:&iLlia^Sl6#lft324 
Stf ^ 2 (O^mi \ -y -> a#IS325{C3f 5, 

[0 0 8 2] nM:^^^mmt. i^m^wmmiosiy' 

^mtc ic^> ic^fiK L rm 2 <^^|g/ \ >y -> ^ #S32 
5l=jMS<!:i:t,fc, m2a)aSS«#fi8321«^LTig|I^ 

V UVv-Chal Ien(|e302i: LT'^^-TT'V h#S31lCillS 
(ST3 2 04) „ Ki2<o^Wvy'yD.^m2S\,t.. ^ 

ig!|SSii5En3205#;#y«5^-r«^jE> /<X'7- K3204i: 

U>i>~iLI!$3;:06<i:©Siietr:5!f L^5aiH]iS3202d: U l 
^U^S»^^>/ \ -y V n. JUS H ^^T35: o m^<03'^J \ -y 
-> afil3207«igiii;B,g^#S326tC JUS ( S T 3 2 0 
5) „ 

[0 0 8 3] iintcS^LT'^^-l'T'V l-#S31lCfclNT 
lis ISliE^^i' b> ->Chal Ienge302tim 1 <7)HS§ft#lfi31 

^ f uv-msfBiosft^iRyaiS-nT/Ny 

v'ii.#©313lCjS'3n5 (ST3 1 0 6) o /\-y->3.# 

m^3^i./<x'y- Fimf^^ uy-m^siostwaig 

l::3>fr«/\>y->a»||H*?T^-pT (ST3 1 0 7) . 

\ -> a{i!3109=&«|ffifB'fS#IS316SO-"^fS/ \ 
->a#g317tCi^;j)„ ^S5lB1t^ia;316li/\'y->iL{i3109 



#f!8®*ftg!-rS (ST3 1 0 8) o 
317tt. a— •fi8aE^|llsei)Ki«13103)b'«^7L6nTt^5 
Bt. /\-yv'a.fi3109lc^a[£l3a3106lC+|^-r5Sig5CD/\ 
-yv/iLJIIWH^^TJfe-rjT (ST3 1 0 9) . S^CO^K 
/\'y->a{l3114^. mi(D^Sim^mn^-ft-LXWM 
U>>>l5SResponse303t LTHfl-y— /«#©32l:: 
(ST3 1 1 0) o 
[0 0 8 4] iItl^CJ!«tLTiSiItl■-/<^S32^Cfcl^T 
t*. MSMf" -V U >->'l5^esponse303ttm 2 ©jMSff^ 
IS321T:§«*n. ^S/ \-y -> □.ffl3208*'ilXtti7*-tlTIS 
liE?.8'&#S:326tCjgf>tl5 (S T 3 2 0 6) „ mm-^ 
#®326tt. ^^®/\-y -> n.mi2Q7 t^mn-y -> afil3208 
iCD-ifei|iiJ:^^^T^l^ (ST3 2 0 7) . BS^^S3209 
^ 5^ -b- -y h liSiJ^^ai36#lft327 lcJIS;5<i:<l:tlc^ia/\>y 
->a.<i3208€-^<D$$ *lfi/\-y v'iL{i3210<h LTISliE? 
f^tl]n#S:328tC3l«„ ^'5r'y haiS'J^^fiE#ie327». fi9 
^SS327*i'«-iij*^-r«^tc> *5a^5^>>--y MiS'J?3 
212^^fiELTiSiiE?^^tSD#S328lCjSIS (ST3 2 0 
8) „ 

[0 0 8 5] iSIIttPt#IS322(*. ilSB^giJ^itB^LT 

/]P#K328tC<ft*gLTt^So K;iiE^^^^t^)P#lft328^*. 

•y h aS'J?32 1 2 ^le/ \ -y n ffl32 1 0 ,t 01^3202 1 

^-rAX->>y3211i:-y— / ^1SSiJ?3203 .hiSiiE-y--/ S'32 

e #*/T^s-r sii^^iffisu^- L^w^u z.mzn ltisie 

9^*SfiELTf^linLTi8fflE^'!r'y h7^-^'3213i:L (S 

T 3 2 0 9) . m2(7)3M§ffl#IS321^:n-LTiSiiE^'b- 
-y l>Ticket304i:LT'?5-1'7'Vh#K31lc:jM5 (ST 
3 2 1 0) o 

[0 0 8 6] c:n^^:>i^tLT'!7^'rz>h#S31^c^3l,^T 

tiv igiiE?^'>--y hTicket304t*S1 tDjM§ft#|g311T-§ 
fflS-tlx ISSE^-ir-y h x-'J?31106'^lXtli*nTBijlB5^'ir 
•y h«j##IS314lcaS6n« (STB 1 1 1) o MtB5^ 
-^■y h«*##IS314tiigiiE5^'ir-y h x--Sf3110:£+*— 
saSy^^3101<!:5yi;5cJltT«JtL (ST3 1 1 2) . fijffi 
S:5r#liifii!iii*P3104#'47l6*if=lS-&t::x ^SE^-b- y 
h X— ? 31 1 1 iroiMSfi^SSII L TISliE5^^ 
-y l-Ticket305<i:LTigBjS5KAuthorize Request <!: i: t 
iCggpT-y— /<#S33tc2l5 (STB 1 1 3) tt.^\,C. 
mm.^'r y h7=-^'*^6WJaiHlSS[3ll2«lxajLT^S/\ 
•yv'iL^SSUlCjl^So 

[0 0 8 7] imiCWLTlgRl+f- /^■#l£33(Cjil,^T 
«s SSE^-^-'y Hicket305*^:t«:o/j:igprg3?Autho 
rize Request tim 3 (7)5ll§fi#IS331T§fi?nx 
g:>r x-^'3301*'i|5iai?tlTigSE?«fiE#S333lC 
iiiSnS (ST 3 3 0 1 ) „ |gSE?iKII#S333tt. fg 
tl^-'r-yi- X - •> 3301 cDiSIiE? i iSii^J-X^^cD x - ^ g|? 

?©334(CjM?>i:<htlC (STB 3 0 4) . x-^^gP*^ 






e-^-riAX-? v:''3302i:+t-/^~ia&J?3303<!:^lXt±l LT 
'^'T-J h^^¥iJ3:#ia334(C. f^-^-'y hf»SiJ?3305<i:^ 
\-y -> a<il330(i<!:WS!j|HllSiJ3307<!:#ltT«MgU?3308i: 

[0 0 8 8] |iSprftBS#IS332«. iHSB#^iJ€'fl-B#LT 

«My^#S334,C«*&LTl^?., ^-ir-y l-^3a¥ij^# 
183341*. filiiEiS:^33046':My^L«:^x-rii'&tC (ST 
3 305) . Ht-/\'aiS'J?3303i:P«ggptc^Lfce+*— 
/ <;MS'J? 1 05— SJ^U^^S'S: 3<t:<i:t,tc (ST330 
2. ST3 3 0;i) . -St^lxX-SiyzfiiOlt^^m^n^ 
m-^< -Jf-rixX-Jf >y3309i:<7)M6''P/TSro^5a]RSPS£Dffi 
HrtT»*iI<!:^f'xv?LT (ST3 306s ST3 

3 0 7) . i^tH'^M-^'&^m-^iz^^'y hm9hmm33 

10*^-^ hfiJflieS#S335tciM5o C©»JS)«SPfi 

[0 0 8 91 zcot^. mmmm^^iisit^ 

-^- y h 'JTsb^'SmLT^^J. f-'rv h-#S»)i«133lO«« 

(s T 3 3 0 8) „ ga■r-5t.<^)*'^W:^n^*■^':^-y hia 

SiJ?3305<i:*a[3»3307i:^yfiJfflprtBlHiai:«5^'rffi 

i: UTcD^3a[£]SS3307COiffl^^y h U 7. h icillin LIB 
If-r* (ST330 9. ST3310)o Z.(Tin. ^Ifi 
/ \ y -> a <i3306 .t «?f#aiSU? 3308*Jfe fc-tirTIBIS LT 

S;335tt?$yf'jfflpr«iis]i!a^i j^c. M^miL^^m 
fflRr«6iHia<i:©jS««5^-rfyffliHi»33ii^3?i* (s t 3 3 

11). c:n^1S3<7)2SSffl#S331^^>LTISRl9^^ 
b>v>Chal Ieng.j306i LT-^^-f T'V h#lfi31lc3lli.i 
tfetc (ST3 3 1 2) . m3<D*®;/\'y->ii#S336 
iCtiH^o $fc.. ^S/\-y->3.^i3306^^(DS**'S/\ 
«y i/rLifi3312i: LT|gRrSS^#S337tCjil5, 
[0 0 9 01 Jim::WLT'5'^-f'7'>h#S;3ntfct>T 
I*, igRl^-\' UVv^Chal lenge306liS 1 <7)Kl§ffi#S31 
ITSfflS-tls fJffl[H]li{3115Jb^lXtilT*-nT^I9;/\-y->:i 
#l9:317(CjMStl-5 (ST3 1 1 4) o ^S;/\-y->3.# 
I8317tt, fiJfflgSRr#(iiei!lji»]3104fi«^^etlTt^5 
^^Its BUl3:KISlB1t#S316cfcU/S-y->afi3113^t# 
T (ST3 1 1 5) , /\-yv'a.|S3113tcWSaiai[jl3n2<!: 



f ijffi [H]ii{31 15i:(D»lctgaf5 ISiS<7)/ \ -y n -SS H ^ 
'^Ti^T (ST 3 116). liemcO^'S/\'y>'3.1i3116 
»1<DjilSffi#e311*^1-LTigRlf^1'U>-:>JS^R 
esponse307i:LTB8Rr-9— /«#S33»C3I5 (ST 3 1 1 

7) o 

[009 1] /\'y->a-»SH6'«5t»^^S-:&lR)14tS 

-y->afi3116fi/\°X'7- KPWStfSLlKR O^JPS'Sl^ 

->iiffi3116tc J: y /N'X'?- K P W«»l«iEa^iL-+f T 

/ \ >y -> a iitc JJtt S -y -> a >jS jt H (fi^Wiif^ < 
tlTt^^/-c46x c:©^®/\-y->3.ffl3116*^6*fl)^lftM 

*,35:L\ /\-y->a-3ISl*— liSlcBi^jllScfeUt 1 

0 0<gi-X±S3STfe-5<t^n. 3HJ]J5:lfi3ST-»n«Bg^ 

[0 0 9 2] cntcjtf LTiSpr-9--/\"#©33lC*JC^T 
ISrI?' -f U y -:>i;5^Response307l*S 3 ro§€?S3 
31T'Sfi? i1i3313*'«IXill#nT^ 3 <D 
^S/N'y->a#®336lC5MSn5 (ST3 3 1 3) o m 
3 CD^IS/\'y ->a#|g336ti. ^g/ \'y->iL ii3313lc?fj 
S[2]|!{331 UCifi^-r ^ISIi{<D/N'y-> a-3ISH c> 
T. iem<D-:i(J*f6y \'y -> ;Lfii3314^ISpr?S^#fS337 
(ST3 3 1 4) o ISPira^¥S337lis ^ISA 
>y -> a.ffi3312i: -:A^lftA-y -> afS3314i:©-Sf¥'J^«: 
^^35:^,^ (ST3 3 1 5. ST3 3 1 6) v ST'45«*6 
«1Spl3i5EP3315^. m 3 <D5M§ffl#IS331^^> LT^rI 
ji*QResult308<!:Lr'?^'f7'Vh?S31(Ciliy (ST 

33 1 7) ^ •;:7^<7'>^>#S31^^:^3t^TS'fi#+l5 

(ST3 118) o c:cO:^;*tcJ:tl> 'f^'TT^V h¥^IS 
311* / \°7. 9 - K P W^iSRl+t-/ ^#1533^^46 /=IIH# 
lcP^6^-rc:i:^<v nS^TISII^^'Ir-y h305^«fflL 

[0 0 9 3] J.X±<DIJ4P^T«'?5'r7'>H#IS31 
IC Jit^Tf WigRl#)ll<^»fct>'lC^S/ \-y all^ti-Sf 
Lfc*\ i8ilf^'!r'y KDI»mtc-r^T©Sa 
(D^a/\-y -> n.fi^*HuH-B LTaffiiB1t#IS316(ciB 
If-r^^Ifilci LT'tfit\ "tom-^. «lffil31i^S316 
<!: L T d; y :*:SaroB^? >/ \°14p< ^ 'J W X^fflt^S 

[00941 ;^?tc. Ill 5 izuk Ltc'm 4 (r>mM\m(Dvm. 

:&ffll^rcJi^cDlSiiE?W)lQ#ia328Ry-'igfiE?«liiE#IS3 
33<Di¥ffl^«m«ySt?Bf^lf:>0^T. |gl7&t>'l2l8€-# 

[0 0 9 51 lgiiE?<\tJ]P?©328ti. 117 iCxxTJ;^ 

iBti#®328A<!:. 7^~- •J' % jiig-r ^ X- ■S' a^e#^fi328B 
8c i:. mmv—i K^m^ tm'^-^-j ^^msitbmm

[0 0 9 6] C<7:giSSiJ?iB«#IS328A(i. m^i^P^=E 
Hil^L:T»•pTtSS•s)TO^Ttac^ /^ttilll 

f3it#©328Df*. mxif}<=E'j7^mm^ti. m^yfin 

Bi^#S328E(i. •|5>j7ll*Bg-^7';l'=)~U X7*^ffi3^)i,/u/c 
jSftlHli^^ /i:«B|i^SaSSffi y □ -tr •> +tT-«J36T*-n5o 
ilClTBg^T'/Ud UXAtLTttx fiU?ltfDES-¥>h'J 
y;UDES*if*^'(IfflT-^i.o i8iI?Ti*S#®328Ftt> 

[0 0 9 7] SSSE?«ISE#S333ti. E8tC5^-r 

J; -5 ic. igll?« X- ^ 6" e^lfr 5!S!iE?»SSi? IS33 
3Ai: . / \ -y -> a. 5ii» h ^^T^ -5 m 2 CD jS^7=^- / \ -> 
a#®333B<i:s Vt'M^-/ ^#S31 <!:|gpr+^— / ^#16324: 
S^WawlBfti: LT^o+J— /<ttji@^iB1S-r^m 2 CD 
Ht-/\-$|]®^Bffi!#IS333C^. Kil^^iCroBg^SaS^ 
tT35:3m2cD«aia;^xeBi^#'#fi333D<!:. T-'J'gU^^ 

SiJ»«-r«x— S«»«#IS333Et. si«7«afsy?«-!!8^ 

-r55t^T#!SSiJT-P,S^#ia333Fi:s ;>< y -fe-i^iga^- 
K*Jt««ISE-r?.Ji:«#S333Gi:miSL7l^5o 

[0 0 9 8] c<^>^fiE?^^si#S333Att. m^itmfm 

S&Vim^n^o % 2 (DjI^x— v'iL^IS333B. 

m 2 <D+t-/ <?^aiiiiB'H#ig333CRtfm 2 cDjta^T^ic 

Bg-^#K333D«. •f-n-€''niS17{Ci5t:t-^328C. 3280^ 32 
8Ei:I^UJ:3tC«m#+l«o x-^J^H^SSSSEt*. «!l 
?l«"ltSlH]SST«!J5!6*n«o ll^7#!fiSU?!!S^#l9;333F 
tt. ^j7Llfp<t'JlHlKSt>~ltl8?lHlffiT«ifi!6#tLS<, JtS^ 

?S!:333G«s •»!is.(mRiiia<D«^-e-(c j: y«tm**x 

5o ±IB$.#K^v-f'>P=i>l^:i— J'SfctijA 
ffl zi V t: a — JicD zi > tf i — $J y □ ^'-^ LT 

«gEffiyRltl^fB?5eT:/P<^5Af3^JKfls:lCiBiiL. 

[0 0 9 91 u±.(oi:o\zmmi£t\rcmw^m^m2 

8S^fiSiI^•^lI#lS333(Di!)^'f^^:ol^Tl^^B^■r^=. liSiiE 

?^^^1)D#K3287■|*^ $-r\ SS£S'J^SB«#S328A*^^ 
X - S!iS#«a:3;?8Blc^fiE-9— / 1 g #*5^-r»SiJ?3b''5$ 

tT#SEg'J^^328a<!:; LTtti^?nTl-'5„ x—S^jiig^ia 
328BI*. m 2 cDa':§«^|g321 J: U ^#fc*55b[HllJj3202S 
O'+t-/ <iffiS'J?3203i:. |g|EB§^#IS;326 J: y Wfc^a 



/ \ -> a {§321 0 i s iSIIItBt#IS322 =>; U fc ^ i^X 
^>:/3211i:. ^^-Ir-v haESlJ^•*^#S327cty^f/c:^ 
■r-y H«Sy^3212t. S««<J^IB1t#^328AJ:y^rcSI 
^7«iaSlJ?328a i ^^46 anfclli)^Ta£'^Ta^S L. X 
- a5328bi: LTa^e X— $« / N -> a #e328CSO:Sg|I 
?)i*S#fiS32BFl::3J;5o 

[0 10 0] aigx-^f/\-y->a#IS328Cli. x-'J'gP 
328blc3* f 5/ \ -y -> iL h $-tT^ o T^ ^^(DI \ -> 
a.{l328c^J^jS^*ieBi^#®328Elc2l5c ^^15^ 
llg^#S328E». +f-/miiaiB«#l83280*^6t>— 
^^Jia328d:&^#T^ ^:n^Bi^li^Cfflt^T/\•v->IL^B32 
8c«Bg^<kLTs ^ ■y-b-v'ISIlP- K328e<t: LTlSliE 
^^ji*£#©328FtJ:2£5o i8SE?aiS#lft328Ftt. x-^ 
gP328blc;>< 'y-tr-v'tSijEP- K328e«»ISLTv Vm.=f- 
fj-.y hx— 32135- tUi^-r^o 

[0 1 0 1 ] $fcv iSiiE?^liE#S333T-t*v Sfv IS 
SE^y-V hx— S«3301*i«Sg|I?»«#l8333AlCA:^* 
n^ y-y-fe— :^'iiSilP- K333a<l:x— S^gPSSSbitc^iSI 
*tl. P<-y-b-v'~BgiiEP-K333aliibSi#K3336lt. x 
-■ S«gP333bttm 2 ©jSigx— Si/Vy -> a#S333BStJ=x 

-- >»»i?S333Eic^n^~n)Me.n5o m2coa^x- 

^ y \ -y -> #S333Bt*. X- •5' g|J333blc3tf f 5/ \ -y -> a 
3ISh«(7^oTv !ieigO/\'y->a1i333c*m2<DJ^>i 
«*ieBi^#S333DlCjM-l.o m2CDJ^iili:&iCag^^lS 
333D(i, m2CD+t-/mimiB1t#ia333C*^5+J--/m 
JlSI333d5^#Tx iIn5Bi^M^^:«l^TM•y ->a1i333c 
€^lli^bLT. ikRffl^ -y -b-v^giln- K333e<t LT 
ibe#a333Glc5l|^c, x-^5^SI#IS333E«s x— S^SP 
333b5 AT. > ^3302 1 -9— / r6SSiJ?3303 t'f-'ry 
V SIS'J?3305 1 ^SA -y -> afii3306 1 #S»|2l»3307 1 51 
'fT#!S?SiJ?3308 i:tc5J5S|LTtB?:i-r5i<!:tlCx fg^T* 

ig^g|J^^3308^cot^T^ilig^T#!aEsy?SB«^^S333F^ct3^ 
Wi7^'m\i-m.-^^m-iint. 5«^^«s?gu?3308*< 

Kilt*—/ «2(DHES'J^^6^<!f 3 A^^fS^ L. P.^^*Sm333f 
*ttt^#IS333Gtc5IS5o J±^#IS333G{is ?S^^m333f 
Sfe^^f*\ p« -y -tr->>1SiiE3- K333a<i:tb$!lffly 

•y -fe— K333ei:3b'«— a-r«3b^«^t t icessoe 

[0 10 2] :*IC. E5<DSl4<DS^fifem«©|giI->Xx 

A^c^5t^T^ iSiI?<!: UTxv'-J^yU^^.^fflt^fclt^cD 
iSiiE^^^^t^]D#IS328SO•■iSII?^^iiE#IS333(D«Sfi)cSy^ifi 
fplCOl^Tv lil9Sl?E11 O^#R§LTItt0^-r?.o 09 
^^:^it^TH7i:Sfe«<D^*. +»— /<^tjfiafB1t#S3280 

^Vimm5^^^^m28l(Ji^t> v iz. mti-^t-/ ^32 

^#lfi328H5iactfc,'Sli:S5o S*i!e5aiB1t?ia3286<!: 
;^ 1 1; x/KXT-Sti«'^fcSt\ ii^lSi:i&5eBi^?S 
[0 1 03] ^rc. El OlCfct-'TlglStSJi^CDtt.

m 2 ©-9—/ \'it3iai3ii#S333c. m 2 ©wiia:^iciig 

1 oJi(±iiiffiT-5-9— / \iir»aisiss#S333Hsi>~i^rja 

7^^Bg^©«^«VS*?Tft -5 i5l5a»^^a^#«333J:& 

ss«#©333Hii. igEE+^— / %^mi<D?i-ts. 6 -rigRi-y- 
-A"#«a:33a)4;^fiBa*t,»«-rs*.o!)<!:LTt.j:i>o -y- 

4iBaa:^je^^#S333Ji LTtiv mX\.m^Tl\/^'J 

XA^ja^fii/urcSiJtiHiK* fcttB&i^saswffly □ t -y 

SB«?&ieBg^#ffi328HlCfctt-5Bg^7';^=r U XAlCj^iS 

S fc\ ±8B§?ia«-7'r □ =1 > iL - ^! ^ fc (±;Affl =1 
VtfiL— 5t±(D:a Vtfi— 5J :^py^A^fi!ffl LTHiK 
LTt>ftt\ »^l^«^-<D3I>tr:i-^:fP^^/^«SI 
IS y RTtg^J^iCT-yp -J^'^ AlBi^jgflstcf Bii 

[0 10 4] «±©J:-5fc«fiE*nfc^EWllD#S32 

8SlfiigiiE^F^tlI^lS333©i^)f^^^:ot^Ti^^B^■r^o isii 

?<>tl)a#IS328T«. gSISiJ^^Kti#IS328A. x-^f* 
<e#S328B. St^- / \ y 5/ n #l8328C©i!im*0 7 
(Om-^t l5)*iT-25 1) V 7= - -S? gP328b A^Sgfl? jSiie#K32 
8F(e. /\>>i/af|328c*':iilll«7DieBi^#lfi328HlC. ^ 
tl-Ftl«iSS?tl<5o iiM8i3?ieB§^#S328H{i. g^iS® 
IS§31t^gi328G;!)'6SIBI^328f^^T. zm^Pf^tt 
^Cffll^T/ \'y -> :ifil328c^Bi#-fh; LTs T^^v'-j! /U§«i32 
8gi LTiSiI?il^#S328FtCJM«„ iSliE?aiS#S32 
8F«. 7=^— S«gP328bfc:x-:>'^;|/S*328g«aieLT> §S 
M^^'ir'y h7^-^ii3213^ai^-r-So 

[0 10 5] $/cs iSII^^«iI#©333Tl*v 18 
SE^-iry h7^-^»33016^S!SE?»!BI#Sl;333AtCA** 

xv>'^;US^i333gi7=-^$P333bi:(£:5^g|3-n. 
v>"^;USi&333g(ii:i;jr»fla:^iC^^#|g333JtC. x-'S'gP 
333b(im 2 - -S? / \ •> -> :i #|g333BSO-T'- ^ 5^ 

i!l#lft333EJc:-?-n^nill6ft«<, Sl2©5i!iex— Si/\-y 
->a#g333Bti. x-'5'g|5333b(C)^-r^/\-y -> ijUS h 
^nri-oT. m^iOJ Vyz/D. ffi333h:&Jt|gJ#|fi;333GtC jM 
5o x-4»»l«t=l9:333Ett. 7=^— S»gP333b*4«'rAX4« 
> 7^3302 1 +^-/ ^1SSiJ?3303 i 9^ 'y f- lffiSiJ?3305 1 ^ 
IS/ \-y -> iLfl3306i: W5a[H]|il:3307,!:lg^7#iaSy?3308<h 

(ci^siLTtiii^s'-sii'ttc. fg^7#a^slJ?3308^c■pl^ 



Tti+^— /\"^B5aSffl#IS333Hlct.j^^o -9— /^lll^a 
»a#S333Hti. «^SiJ^ 3308*''etHl®iSiI+^— / ^" 
31 (Sftf*S[pr+^— /«2) <^SIgiJ?^3!)^t'-5*^«5g»S^ 
Ls BS^S^333i^Jt$S#|S333GtCj^5<i:i:ttC. 
#SSES'J?3308lCj>fj!5-r*t>— /^iiF»llli333j^iiBBa:^^ 
«^#fia!333Jtc3S«„ 

[0 10 6] 'j^p^mysizm^^misnt. ^-/v^mm 

333j*^^a^^:ffll^Txv•■^;^S^l333g^^^ft;LT. 
J±tJffl/\'y v'iLfi333k<!: LTib«2#®333Gl::3M^„ tm 
#S333G». !!Bd«S*333i6'«-Sr^5^r6\ /\>y->affl 
333h t itnmJ \ -y -> a ^i333k <k A^-SfT 5 i {c«l 
|jBie«3304€:dl:^f *o ^^HjEHeSSSOAfet^y^L^/TX-T 

[0 10 7] 3:G)d:3tC. ISiiEv'XT^/iA^crollSSJTJ^ 

(D+s^^KRi. <t ic cfc u . 5 -r 7^ > h ffliJ6"<n-»sast6 

[0108] (m 5 ro^SScDf^^) m 5 C0II]5SH?«T- 

[0 10 9] m 1 iiSi5oiifiSJK«iiz:fcnt^iSE->x 

«c Ell 1^c^Jt^T04i:S^:s^D^*. n.-+f^v^j7 

igiiE+f-/^#®42i:Tfe-QTs igpI-9— /<;#®33tiiEte 
y*i«^t^ gSU^-t' U>i?tS§Response4016^lL 

-+f'r>-5?-7i-X*:n-LZ"A:^*+l/=/\°X'7- KPW 
R 0 <!: ©SiglCj* LT 1 KO/ \ 'y -> a H ^fifi 
UrcieSi'J'^'rT'V h?®41fi««JS»lcSfi)6Lfc|gtI 

ISSfiljSSac^/T^-r) ^<i:t>^3*s iSiiE5^^-y hTicket 

402. 4036'' i: t S 3 / \ -y -> jUSSS^A'^iSiiEfflSLIjl S 0 

t«:3l*-r5na<©/\-y->ajSII«g*T'»Sjt> 

> v'/^;S:Response404*'! <!: t, % -5 / \ "y ■> n jHH^^tf'SS 

limits 0 icmr^ n - kmcDJvyz/iLmmT&^i^ 

[0 110] J.X±cDJ:3%yp h-=i;u->-'>-vxic<i: 

#®33*#46fc«H«lCR3Jb^-r C < . n BST'SU 
^>r-y h402^«fflLT*'Jffls8RrStf*iI<i:*':T-*. liS 
II^'T-y h402AV\°X'7- KPWlC^^^I^(DF*gS7-«^ 

[0 111] cicDct^J&yn h=i;Ui/-':r>x«Jtois 
iiE->XxA©«t^lc-3l^TE 1 KDrnmya-y^^^^ 

[0 1 1 2] 01 2lCJSf'Ttl215 iS^^CDt*. IL- 
+f''r>^J7i-X^l^-:3^^i'7'>f> #©41 St>":i— y 
TE5<D<75'r7'>h#IS31<i:a&S<Dl±s a.-+fiSiI

/c, igaE-y--/^'#a42lCi5t^Tia 5 (^iSliE+t-/^'^K32 
iS«:«©«. B2©^®/\-y->a#S325. 
#S326CD^^::to U Ic, / \ -y -> H 5-^7^ 3 SI 2 (D/ \ 

m2<osffftWiiis«j#f8422s ^x<itvrcwmoiwy 

o-JStHH 3ft 2 (0^mi\-y v- i#l5423^iSl:)-. 
-gP<©«gJi®^K«)fc}SlCS5o iSiIfflSLiiC^#S411 

ts.Et^^m-C^^. UK m2rofiMti3WlnSfi]^IS41 
2. 422i:LTtt. «lJ^«iSSlHlK6'<fi!ffiT-*^o ft 2© 
/\ y->:i#S421<h: LT»^ fiy?l«/\'V->^S**H<D7' 

;u=f 'J XA^sa^^ji/ufcJiimiaKft^i^fflT-^So m 2 (?) 

^^ivv'yiL^miit LX\.t. «ij^t*'42lilll«0i»» 
? ^ -< □ > t: iL — S? $ fc =1 > tf i - -JJ ± 

[0 1131 JJ(±©J:3lc«J«*tircgfiE5'X7^Ik©i(l 

iSIIS^RAuthent i cate Request30l3b''ISii5^<r'y 
[0 114] ^^-I'T'V l-#lft41Rtj=iSiiE-y--/\" 

#S42^c^5t^T, m2cDjii§^i#ia3ii. 321. a 

^^^312. =f-^y h«J##®314. SaSiM^#^315, 

^iiEi«^s«#^323. %m.^^m2A<m^\im 5 s 

E6C0Ji-&<}:l5l«n?feys ISiiEMiRAuthenticate Reque 
st301Stj'ISiI^ bVv'Chal lenge3026''32Si#tlT. 
<7=7^T> h#ffi41(cfel^T^*Il— tfKSEKiaiEiKiffl 

4101^fcliifiJffii!Jpr^|ll^3it)ii5Ea3104A\ isii+t-A-# 
K421C 33t^T l*#55!j[H]|!$4201 <!: +^--MiaSiJ?3203 ii / 
•7- F3204i:i|tijiiem>lJa4202i:^-\' U>v'gLii{3206i: 

ts.Kt^^mM. risiEffliLiif^^#S4iisifmi <^s^fd3 

MliiS«l#IS412.,CSen-SjS. W5aiH]»42016'im2 03 
\ y -> :i ^gM23RtJfB8SE^^»D#e328lC2l 6*l« 
iiSs «l^*g^iia]4202*'tS2<D/\-yv'a#IS421, iLiif 
*fi!6#IS324&Z>f^'5- •> h JtS'J^^aEfiK*IS327lCii|^+l-5 

iS. ^ V ix > v>s.iBt3206*<m 2 ©/ \'y •/3.^mi\ mas 
en?) <t <k t» itm 2 cD3iisffl#is32i lt-j^ 5 -r 
V h#®4i(cjiif,n5-ii*i^M^*o 

[0 115] JSlils •57^-1'7'>h#IS4UCfcl^Tx iSil 



ffliL!!a^J5i!6#IS411li. iL-+ftSiISQSS3K)ai5fP4101A'i 

■^iien'S.i:. iSiiEJS*iiip^tc^i,^e.n^igiiEffla.iif4i 

02««ifctC7>'S<'/**^O««&3iHC^R8LTIg 1 <D«Pft6« 

!iS?n#S412St>"^?Bf3tt#IS316lCill^ (ST4 1 0 

1 ) o «imieit^S3i6ii. igijEfflSLJSi(4io2€-*t>ffiwe 

(ST4 1 0 2) „ m^(Dnmmmmm^m4^2 

5/ a#S313 J; y ?ifc/ \'y iLfii4103i:igSEfflaia4102 

LTi#6nfcm/\'> >>affi4104^ft 1 a)>^§fi#©31 
I^^LTfgSEf'^ U>->fS;SResponse401 1 LTsSffi-y- 

-/^~#|g42lCj2^5 (ST4103. ST410 4)„ 

[0 1 1 6] c:nic3^LTiSiI-9--/S'^m2lCfct^T 
I*. iSil^ -V U V>>"FSSResponse401 lift 2 ©3ISfS# 

^321 TS^Tjrn. fluay n -> ^ ffl42046'tisfai snrs 

2 (7)SffteaDfnSfi]#IS422lu3jl6tVi> (S T 4 2 0 

2) „ — *-e^2<DM->->3.#S42ni. ;Bs^smji*n4 

202ii«*y *5^-r«-&lCs I^T.rP- H3204t^-^ UVv^ 
SLIif3206 i: CDMiie lC>i>f L/ \ -y -> n H o T> <S 
^(7>/\'y ->affi4203^M 2 ©Sf1teWlSa«]#®422lC« 
*&LTt^« (ST420 1) o Sg2(D«mfi*iaiSffi#S 
422t±. m 2 <DA 'y -> □.#IS421 ct U iifc/ \ -y -> a ^14203 
<!:m/\-> ->iLfl4204i:CDP^T-t:~-y h S(DSPfteWiiS?P 
iemt LT^#6tl/i:iigiiE^SLlla4205^S 
2a)^K/\y'>i#e423lc26« (ST42 0 3) o ft 
2 (D3^S/\-y v'iL?S423(i. igiIfflSLlK4205lC?if L* 

3aiHia42oi*garoS:»a)/ \ asm h «-tT* ^ ^ 

SOD^fiSA'y ii«4206«S8SET^^l)P#»328lCjai« 
(ST4 2 0 4) „ 

[0 117] tXT. ^-ir-y hl«SiJ^^*^#S327. fgE 
tt-B$#^322. i2E?1\t»P#IS328<D«)m*S4v E5<^ 
«^tlRl«T'»«3!)\ ^-Ir-y hiasy?^fi)o^S3276^a,? 

■&iKm3209<^i«t) y ^ciK^s^^i^p4202^ffll^5 is 

liE?<^t3]a^®328*'i«5a[2li!»3202&t/^aM>y -> iL{i321 
oam>o y tc:«J{(jlHl»420 1 \'y -> iffi4206%ffl 

l^^jStf^S&ys SSII^^'Ir-y h-x— 5!3213i:(*S^5l*l 
StDlSiE^'ir'y t> t^— ^«4207«i^f (S T 4 2 0 
5) . ft2(3!)^S«#®321*^LTs8iIf^'!r'y Hicke 
t402i:LT-?5-l'7'> h?IS4Ut3lS6n^c 

[0 118] ^:n^^:3^LT'?5'<7'>^•^S41^ci3t^T 

l*x S5fBft1 <735I^§«#S311. WlB^y-y h«J##S3 

S)jl5EP31043b<-§-?tenfcJS-&lCs ISfiE^'^r-y hTicket40 
3*<igRlS5RAuthor i ze Request t. i: t lC|igpI+»— / 
33tC2ietl. ««)lsl»3112*('^S/\'y->:i#S317lt« 

[0 119] d nics«fr 5iSpr-9—/^#S33(Di!jfft.i2i 

5^ EiecDig^illltiTfeyx IgpI^-vUVi^Challeng 
[0 12 0] CfacS^LT'J'^-l'ZV t-#IS41lCtJ^,^T

I*. MSBis 1 om^^mv. \ y >/ a#e3i7«« 

lBtS?IS316<fe y :'#*a)«iSSEfflgLlif4105TS t) ( S T 
4 105) . C+acWLTftLSi'^tTSfenSo "T^to 
■6, v'a#IS:3173!j«WJ»lHl»3112<!:f'Jffll5ia311 

(ST4 1 0 6) . «^m<O^®/\'y->3.<i4106«-mi C^i 
j|ISfi#®311«n-LTg!Rr^-t' U>v*J5SResponse404 

<!: LTlSRl-y— / 'v#IS33{c2^;5 (ST 4 1 0 7) » 

[0121] ii+Licj:t)igpr-y--/<#S;33A''tisigRr^ 

•V U>-m§Res|)onse404*'«<!: ->3.€. 

ISIiE^'lr h T i cket403A'i<t: t ^ 3 ^IS/ \ 'y -> nffiti, 

tlHi^T- J: < . 2 -DO^Wvy -> iflro^^^-^ I -y 
LT. iE^<hig«)*l«iSprjiJaResult3086''jI?*Xv ^ 

7-r7>i-^S4uc33iNTS«s-n«o 2:<d:^^icj: 

Us V -< Z > #S4ni/ \°X 9 - K P w ^igRi-f^-/ ^" 
*ia33^$<!*fcmH#lc0^3b^-rc:<!:S<x A^-rs/U'?- 
K P W i ti^M^'tTS^ttcDJ: U SB5t^^Ef''>• h402 

[0 12 2] >s:*5. )>x±.o:>mni:\,t<7^'(yy\-^m^ 

ro^lS/ \-y -> affl!:&35Bui+S LT;^ffiiB'lt#IS316tcSB 
1ir*«fi)6<!: LTt,St\ -^-WJi^. «l«i3«##ft316 

[0 12 3] igiiE->7.xA6';s:coiiift?gKI 

46. fgHE^'^-y h6^S:i-+^''iSliE1ffBAi^}i»y**i^pIte 
[0124] (SI 6 (DSIfifeODmflg) £ 6 (OHfife^lgOOSS 

[0 1 2 5] Ell 4ti. CCOiSliEv'XT'AtDyp hn^l/ 

E14«!:Sft«©fct. •?5'r7'>h#IS51St^^pr+J— 

#IS53T-»-pTx SSlI-9--A#^IS32t*^:bU*^'5:l\ S 

Resu 1 1308 <!: <t t lCMIlT**lfciSiiE9^ ^ K T i cket 501 



[0 12 6] Z.(DmU.=^-^'y hTicketSOHiv UW.^^ 

[0 1 2 7] ip-6s iSiiE5^';r-> h-305T-<Dn+ 1 |gy\'y 
->i5JS»Se«6\ n-k + lSA-vi/aSimiie^ (kli 

ro^SiEIRnftv ?SyfiJSRlSg|sli!![n-klcB^}$x6 

yTSk^cM^^ftjl6^T^-^i.„ fiiT#lSIS'J^^ I i da^ 

[0 1281 2:©:S-XiJ:<fcy. -^'^-I'T'v h^Ksiti. 
/U-?- KPW^fgRrt»— /^*®53«§i6rcll=«lt^S 

[0 12 9] ilCDJ:-p%:/P h3;U->-'lr>7.«J#0^ 

[0 1 3 0] lai Stcfcl^Ts 0 5 
'TT'V h#IS51&t>1SRr-9— A#S53TSyx igijE+^— 
/^#]^32ttStoy*i«!5:l.\ 'J'^'TT'Vh^eSKC 
fct^TIElSCO^^'rT'V h#S31i:S35:50D(i, ^-ir-y 
h «*##S51 1 IS^mSi^-l ^#^536^ e. (DiSII^y -y h T 
i cket 501 ©fSSE^-^ -y h t^— S« 51 01 %«Jf S * o IC 
Lf=*icS?.„ iSpI+^— /^"#lg53{CfctNTig5 0 

1SpI+*— M-#IS33iS^5<Dli. 5^>r'y hfUfflSS^'S 

53i/)^?syifijffiprtg[H]isstai:^-rs't,o<!:u S3<d 

^®/\-y->ii#S336©f«t>y 1 S(D/\-y->:i3SllH 

^^T'S:3m3ro/\>y->a#IS532*lStt> iSliE^'>->y h 

®533«fffclcsSlt. -ai5<©«Sli*«4!>/c)SC::S5o 

[0 13 1] C(D^y-y h«J§#IS511<!:LTt*. 
•y h«}t#|g314iIll«lro*i^A'^i^i|S*>iftPLT1Iffl-(? 

^'5r'y hfiJffleS#K531i:LT«> f^^'y KfiJ 
ffleS#a335i:ll«lro*ifi)6*-^$S*i^jil]n LTffifflT-* 
So m3(7)/\-yv'iL#S532<!:LTl*v •|5'J^«'/\'y->3. 
-SIS H CDT'Jbd" ij Xix^ffl3^iiA./i:>SIS[slK*i^1ifflT-^ 
So ^2<Dg8II?f^lJn#S533<tLT«. i8iiEWl!P# 
IS328i:|Wl«|(^)*«^i!66''ffiffiT-?So ±fBS^Ig«- 
^ < -J? p zi > t" a — S ti jRffi P > tf a — ±© 3 > 

li^ron > tf a - ^ y p ^ A^S!IX U nr#g^miCT-r 
P -y'^ixIB^^ttlcfB^ Lv yp 'J^'^AlB^jgftlTOlXtl 
[0 1 3 2] J.X±CD*-5tC«fi£*tl/clSli->XxAcDB)
ailiESjRAuthenticate Request301<)'«KaE^'5r'y 
[0 13 3] '^^'TT'Vf-^ISSISa-mi^t-M 

tPigII#)^i««^5^:*J^^Ta^w^c^*. igii<t-/<:#S32 

cfcU-^^-f T'y l- ^SSI^sga^-Jr-v hTicket304*i'3l 

[0 13 41 ^:n^cs^LT'?^■<7'>^^e51^ci>t^T 

|g1 aD5M§m#lft311til215. E16<Dti-a-<»:|HHitc 
ififfU ^-^--y h «Jf #185111*121 5. |g6<0Ji^a)5^ 
h«Jt#S3l4i:l^l«tc|l!)f^L, fSSE^^'^'y Hi eke 

t BOSA'iiSpr^iRAuthor i ze Request ttt icgSpT+t-/ ^' 

55(j[Hl3S3n 26''Uai ?n^®/ N ■> -> n #IS3 1 71C jM 6 n 

[0 13 5] c:niC)!ttLT«SRl+f-M'#S53lCj5l^T 
«s Sl3cDj|ISflr#S33K |gprH-Bt#Sr332x iSSE^^I 

ii#iS333st?^er.y h^mm^mimms. 06© 

afi3306 1 ^<ltmm.m7 1 5ie*ISSiJ?3308 t^^-yi- 

5o ^-ir y h *iJfl§«S#S53H*. H 5 . 0 6 ^© 

^-tr-y Kfyfflg5|#©335i:li(?l5|*ilcB]fPLT> ?Uffl 
l2l»5301^m3<7)jM§ffl#lft331*^>LT|gprf^i' U> 
v^Chal Ienge306.»: LT^'^'CT'V h#ia5nc3Sy. ^® 

/ \ 'y -> a ffl3306^ r ^- S $ \ -y a (15302 i: L TIS 

fijffl RrtgiHi» t +^-/ ^aig'j?©iii5303^aj* urm 2 <d 

ISIiE?(^fia¥®533(CjM;5„ 

[0 13 6] dnt^Wr^'^^'r'T'V h#IS51CDii!)'f'ft 
1215. l216<Dii^r<i:ll«TSU. ISpTf^-l' b>i>'Challe 
nge306{C3(tf LTsSrT^^-V U> v^l5S:Response307««i6* 

[0 13 7] ^:tl^^:«LTiSRr■y■-M~#^ft53^cJ3L^T 

ti> igpr^+ U:'-mSResponse307»1g3«)3l§^B# 

IS331T-§ffl^tXv >'a{l53046^IXtll*nTm 
3 ro/ \ 'y -> a #l:i532St>'m 2 ©|§iiE?^'fTtl)D#IS533lti2l 
5+l5o S3<D/\'y->a¥^®532ti. ^S/\'y->a(fi530 
4(;:/\y->a3SSH«?TftoT. /\'y->a<DSa««1 ii 
jl/i:-;;>:^S/\':'->afi5305^ISRjB,B'a-#ia337tCjM;5 

(ST5 30 1) o ISrIS8^#®337«. ^IfiA-yv/a 
fi|5302 1 -'k^W \ -y -> a fiSSSOS 1 0— aw^StTft t> 

(ST5302. ST3316)s {!S^*SS5307^m 2 

<ols:II^^^t^lD#li533^^:jM«. 
[0 13 8] msm^^m32ntm^mi^%^mL.Tis 
iiaB^syicit-sx $'r^,X'S!>y5306^m2cD!SiiE 
Witin#©533icf««g LTi^^o m 2 cDKai^^f^tJja^ss 

331*. ^^-ir-y hlSSiJ?<!:^yfiJffi5JtglHllK<!:+f- /^ISSU 



?CO^S5303 <i: ^S/ \ -y -> a {i5304 i: -Jf AX -Jf > ^5306 

^5308<hL (ST 5 3 0 3) . ^ 3 ro3l§fi#K331^ 
^I'LTiSiiE^'ir-y HTicketSOli LT|gRjji»]Result308 
tft^i^i^^-fT'yb^UtSUcm^ (ST 5 3 04) „ 
[0 13 91 cn^CJ^LT^^'^'7'>h#IS5nc33l^T 
it. ISiiE^'^r-y hTicket501l*mi roj^Sff#IS311T-§ 
tm.'f^'y h'f-^smLLTmti^-'^'y h« 
If #®5in::2i6n«lf 3-ni: (s t s i o i . s t s 

10 2). 5>;[H]©?iJffisSRj#|llITi5ffl#n5= 

[0 14 0] c:ntc<j:y^^'f7'>h#S5i*^6Klpr-9- 

/\-yi/iL(i(*. ^rolSiSd'i^iJffliSpICilcl -r-Pi^oT 
^T< iSpr-9--/S~#IS53Tt*/\-y->a3ISt* 1 1S© 

-+f^iM14t*teT*-B:-r~tcS±t4«-iS46^iIi:«iT-$ 

PW^ISnJ+f- /^■#S53^^46/cmH#(CB^6^-rz:<i:^ 
<x S^14<DcfcUiSl^i2iiE5^':r-y K305:eiIfflLTnl£] 

[01411 ^*5. J-X±C0iKP^T-t*'?5'r T'V h#|g51 
lt*5l^T?iJffilSRj#IIII©fct>tC*g/\'y->a{a«:itS-r 

(O^WVy -> afil*«ijH-» LT«lffii31i#g!:316lC|3 

1fr«^ifi2<i: LTtfil,\ ^©JS^. «iffiIB1t#IS316 
i LT J: y:^S*a)ii^' VA°ttjXt '>» WX^^i^?) 

[0 14 2] d CD J: -Pic. *||SScOJg!g©K!ii->Xxi* 

[0143] (m 7 ©iisfioRjni) m 7 (Dmmm(Dm 

[0 14 4] 1211 7t*. c©iSil->XxZ»©:^p ha/u 
:&5^-r'7^P h=];U->-'{r>XETa8«„ 01 7lC^l''T 
@4i:S35:%coi*. -^^-TZV h#lfi61. iSil-y— /^~# 
K62. iSpJ-y--M"#S63T26oTv •S-6lc|SSI5^'>-'y h 
SS#lfi64=&jgJ]DLTt^^o $/c. iSiiE^-vU>i>^SS: 
Response303«SltfcSa-y--/<#K62«sg!liESa?Authe 
nticate Request3016^6ixa3 L/c^-Ir'y l-fffigiJ^T I D 

'i-'rv hSIfTaSffiS^Registrationeoi^^sgBE^-^'y i- 

'gS#IS64'\HS5;^>. SSpfSsRAuthorize Request6026'' 
fUffi SIS k lilt's: 3 SSRJS^RAuthorize Request6 
02SO=iSiIf'':r -y h Ti cketSOS^gtt/clSRl-y--/ ^#S:6 
35ti<!SpIS3<Authorize Request602SI>'lSSE^':r'y h305

5^Update603«-igiI^'!r-y [-mm^^eA^M^!^.. Cltl 
icjtf LT'-tJ-^lCfS UTiSli^'^-;' hJE*6ji^PReject606 
*'')lT*'ni)jiS. igpIf^V UVi^Chal \enge604m'M\B\Wl. 
k tDf«*5 y {cftESfe* J: -5 SfiKTSrtifcSSLik R k « <h t. 

I^IpT^-V U>>>'rE;§Response6056V\°X7- K 
P W tSLiit R 0 i: ©jiiiiSlcS^f LT n - k + 1 1fi©/ \ ■> -> 
rL3i»H:&fifiLfciieSJc#6lcR k <!:©SffftWSSS»jS 

[0145] ::(7:7d;£IcJ:U> ^^-f T'^ h*©61t*> 
S61 6^ 6S TISlRT-y— A#K63 i li?4Sl L fciSiiE^ -b- 

^«iif<Dfgpr-y- / ^#®63TJtjitc5pjfflRrs6t -r « c t 

[0 14 61 Cc^iyp m/U->— '{r>;^«JtO|gSE->X 

xixfJDiifiglCOO'TEll 8^#P,tLJ5:6'i6iS0^-r^o El 

1> iigiiE+^-/^'#|5ft62. St>BSRl-tt-A#IS63TSo 

<35fijraiHi3ak«ea-r5f''!r'y h«}$gs*iS6ii«^^ 

Iff. -SP<DiK*8^r3iC<«>fciSlC»5o «fc. l8aE-9--/^^ 
S62jCj5t^TE 5 0|gSE-t-/ ^'#S32i:S^505^i^ IS 

[0 14 71 g!pI+t-/^#S:63lCfcL^T05O3[ 

gI-it-/^-#IS33<!:S^^CDt±. fgliE^^r-y \'(D=^^y h 

[0 1 4 81 ZLO^^-y hfSj^BS^Seil.tLTt*. 
f^-ir-y h«}t#IS335i:l^«<DlifiEtcfJffiia»<Dftll« 

fte6^tiS5fi]#isei2> 633i:LTti« eu^wisaiHiaft'^fii 

^632<!:LTt±. SLJS^^#K324<!:ilHi<D«lfi!66W7- 



±<D n > tf n — Sf T^P ^^'^ LTSI^ LT t> S 
P ■J'^ AfBSiSflslcfB^ y P ^"^ L.$Em 

l\ 

[0 1 4 91 J.X±a3J:-5(C*ifi!6*nfc!SII->Xx/*Oi!l 
iSSES^uthent icate RequestSOIft'^iSaE^'ir'y h^Jgj 

[0 1 5 01 j.--*fim^m{cssif^<7^^7'y 
h#iS6ist>isiiEti— /^~#S62icjjit5i!jm*ia s . m 

6 <Dli^i:«tf Rj^WlclilSiiEt)— / ^'^©62 J: 
^y^zf-^T^^ h#fS61'\|S!I5''y'> h Ticket 3046^)11 8> 

l^a^f-^y h«lt#S314(Di(lff«^'!r-y 
seiift'^^T^ao SfcigijE+f-/^"#IS62iei;L^r(*. SS 
ES^tAuthenticate Request3016^6IXtil*n/c^3aJls] 
»6201 tt?^©/ \ 'y -> a #S325Rtffg|I?^lin#S328© 

«3b^g''ir>y i-g^jg/T^#ig62uct.2i6n^ ti— 

?6202tiiSliE?<>tJjD#©328roti A^^^-b- -y h 
S621tCtjSI6tl> ^^-y haESiJ?*J36#'IS327T-^fi£? 
tlfef^-ir -y h agiJ?6203l*B8aEWllP#fi8328<r>«6^5^ 
-tr-y hS^Ji'Tx#S621lCtjMe.n?.o 

[0 15 11 y ^•sfi^g.T^#S621^i^ ^-^-y hm 

gij?6203i:+*— / tg|giJ^202i:^J(j|Hl»620l i: «a«g L 

TiSilf^'ir'y |-5g^TlE^Ji'T^7='— ?6204^SJ5KL. m2 
C0>M§ffi#S:321 LTiSiiEf^y -y h SliTSiSJi'TxReg 
istration601i:LTi2II^y-y h-«S#e64ltjiS« (S 
T 6 2 0 1 ) „ 3tl«SttfclSliE^^-v htS?S64(i 

jB5^Registration6016''-^^8>tl/j:liDli^x f^-^-y hlS 

TO^^Jb^^lU'^So K^f ^'fccOjb^^tt+lUf^'ir-y hgE 

[0 15 21 c:n^c>(^^LT^v'rz>h#S61^cfc■l^T 

li^ iSHf^^T'y hTicket304(imi <^iMSffl#IS311T-§ 

«ltBa#®61Hc3l6tl«, f^'5r-y h«l#es#©611 

tilSlI^^'ir-y hx— ?3110*+f- /^SIBiJ^SIOIiimO' 

iS:n*}mm^wmLtLxw%\zmmK. (sxe i o 

1) s ?iJ^igpl#liiei!iji5fP6ioi6't-^^5nfcii^(c. 
iSil^'^r-y hx-'?3m^mi a)S§«#iS311*^L 
milf^'ir-y hTicket305i:LTs J^ttfUfflRTtg 
m''^^[< ^tizj^^jmrcmmmwiem^ (st6 i o

2 ) 311 (OmS^^mn LTsgpTM^Author i ze R 

equest602i:LT. ISRj+t-/^¥IS63lCjiiy (ST6 1 

0 3) . i^e>iz. isii^'^'y hx— j^A^eixiiiLfcwsai 

[0 15 31 cm»C)l*LTi8pF+*— /^#K63^^:^5t^T 

ti> ISil^'^r'y hTicketSOSSU'lSRlS^Authorize Req 
uest602t*m 3 WiMSffl^lftBBI tlx WM^'ry 
h X— ?3301««® tlS3-nT^liE?«II#ie333lc3l8 
tlx ifiJffl[5]IS6301ti^lZt±l*tlT^':r')/ H MifrJg5^^IS63 
ItCiMatl^ (S T 6 3 0 1 ) o iSplW-B##|S332. ISliE 
?^^iiE#S333Sl>~9^'^ >y h *55!l¥'JS#S334t*ll 5 . m 

6(om^tmmmtW)f^L. tctiu +»■- /\iffisu?63 

#lft631Stfll2(Oaa*J5E#»632tc2l6tl«, ^-ir-y 

V h§ISiJ?3305i:-9— / \'g^iJ?6302<!:*iJffl|HllSC6301 
trails LTfgiK^-ir'y l-Ji)SMtrlt5^x-'S'6304«^ 
rKU m3 05M§MI#S331^/hLTISiiE^'>--v hSS 
M«T*S5^Update603i: LTiSliE^'^-'V h <gS#K64tC>!l 
^5 (ST6 3 0 2) tittCx fiJffi|£lllD{6301S'?-<O«$ 

f iJSIsiaeBoei L.Tm 3 <D^e/ \-y -> a#S336'sSI 
fi^Update6036':4;^6tl/c*-&tc, f^-ir-y hHESU^^ 

-b- -y f- aEM*'ifit^NUpdate6036': i: t ^ 3 f Ufflisiat© 
^If Ic— Scr ^Cli^^^xy-J^LTx IE Ltttilf^-Jr -y 

< ^StttllSiigiiET-'ir- 'y h Ji»6jiJPRe j ecteoe^jH y 51 
■To iSaE^'ir-y f-Jgi!iejlSD606t*igpr-9— /^^sestcfc 
l^T^ Sg3<DJMSJfB#K331^^1-LTIilI^'!r«y h*Bie 
jIJOx— ?6305i: LTffjfB^'ir-y hSSffJ§5^#S63HC 
2S6tl5o ^-Ir-y hM«r*i/T^#ia:63n*x ^lft/\'y->i 
jl3306*'?-ro$3f ^-S/N-y ->afil3312t LTigRr^^# 
S337tc5M56\ iSlil^y-y hJ6*feii5tPx-^'6305*iW 
^6tl^<!:Ctl^rffi]±f^o m2(7)SLIi(^fE#©632 
ti. =e5SbjS«]63036^-^x.6tl^(!:v x— 
U VS?aa6307:&«T/i:lt5 V^AtC^fiE LTm 2 «)SHft 
MtSSfi]#S633lCjil5i:itlCx m3(D5SSffl#®331 
«^ LTlSRlf^ U >i>'Cha 1 1 enge604i: LT '5' 5 -f T' > 
I>-#«&611C2I« (ST6 3 0 3) „ 
[0 15 4] cn^C>l^fLT'>^'r7'> ^•#®61^C^5^,^T 
lis iSpI5^ -\' U > v'Cha 1 1 enge604{±m 1 «)^a^I#lfi!31 
ITSfl^rtl. 5^ \ U>>>~iLa6103««l8ai3-tlTm 1 0) 
SffteWSSS«#lfi612lc2ietl5 (ST 6 1 04) o ^ 

K/\-y -> iL#®3i7ii> jfijffiiSRr^iiiSBibii^a6ioiA<4 

?LetlTl,^*Ji1^tc> l5iB^^iB1«¥S316<j: y/\>y -> 



iL{l3113^mT. /\-y->3.fl3113tC#?aiHia3112i:?iJffi 

[ia6io2i:a)»ictis-r ^isaoA>y -> ajssH %^T% 
sfa#®6i2tcjS^„ m 1 «DSffti3S*ifS?i?a#K6i2{i. fus 

iSpI*Jii^ji*Q610l3b''-^^6tiTt^5«-&tc. 
•y v'o.fiSeKM.t^A' UV-maeiOBtroP^IT-e-y hS© 
S^ffl!WIISffi>JIS^^T^L\ m^K/ \'y -> afB6l05* 
S^KLs mi ro2IS{f#K311«-^>LTiSRr^^U>i>" 
j:5SResponse605<!: LTISRl+t-/ ^#18631^21^ (ST 
6 10 5. ST6 1 0 6) o /\'y->a>5IIIH««3!E»Sg^ 

J10m^SA-y->affi61O5li/\°7.9-KPW. iL 

aR ostf5^i' u>-ma^39i6^i^m=«ic«tt»r 

5 C (h ti'^T-^ ^t^fc46v Z. (Dm^^W \ 'y -> afil6105(C 
J: U / 7 - K P W^5fn 5iE^ %ii.--*f TJfe^ <!: t>^^- 

JJtt«M-y -> H CD^km"^^ < tT^l3tlTt^5 fc 
46> 05^^/ \ 'y -> a fflei 046^ 6 :k(0^^/ \ -y -> i fi^ 

fc\ /\'ye/ii5aw*-iKiciig^3iSJ;yt,i oofg«± 
;g)iTSs<t*ti. ji«]^^aTaBti«Bi^«rat>fcis 

[0 15 51 2:tHC3sfLT|gpI-»f-/^?S63lCfct>T 

lis iigplf'-v bVv'I^Jl^ResponseeOSlimstDjigff^ 
IS331 tl> m^lS/ \ y -> a^l6308*^liai*tl 
Tm2 (Djltfti3MiSSfil#S633lC)S6tl^ (S T 6 3 0 
4) „ S2©SMft«iSS»#e633tts 5^1'U>-ma6 
307 i: ^SL^IS A -y -> il {16308 i (35 T ti" -y StDSf 'ftt 

6^isaa)^lSs^T* ^ Tv \ :l ^i6309^^#Tm 

305^^e/\'y->:i#e336lc:ai5 (ST6 3 0 5) „ m 

3 <7)^|g/ \ -y -> a #IS336t*. ^15/ \ -y -> a{l6309lcfij 

ffi[ii!!a6306icffl&'f ^isac^M-y -> 3.>^|g«■^7*•^T. 

-> n.fa3314«IgRrB8-&#»337lc2l 
So slRl,^^#K337liEl 5 s E16CDJS-&<t:I^l«llcK<'f 
L. ISRliii^P X- ^ 331 3 (DiMS^f^ IS331 ^^t" L 
TigRljifflResultBOBi: LT-J'^-lTV h#^6HcilS 

■^'7'r7'>^*S61^c^Jt^T■s^§^tl«o fc/£u 
-> iiii33i2©«»g#^iaj±7!rti/cJi-&ici* ii om y ti*^ 

l^ (ST6306, ST6307) „ C<0:^^ltj:y> 

63^^46/cS=#l^0^6^t-'<!:'a:<. n [£l*T-^iiEf''5^ 
-y h 305^«ffl LTaaiOBgpI+^-/ LTf Uffl 

[0 15 6] 35:fc\ J.X±a)iJ{0^T-«'?5-r7'Vh#S61 
ICfct^T^MBSpT^llSO/cO-lc^-S/ N-y -> a{i*H-»"r 
^U^^r-y h(DlX#^lC-r'<T©«a 
CD^S/ \'y -> nfS^^tuH-S LT^ffilBtt#IS316(C|a 
ItfSWfiKi: LTtSl\ ■f-colt^x «I^IB1t#©316 
[0 1 5 7] c<^)d:3ic. z.<Dmmm7^it. mm'^^r

[0 1 5 8] (IfSCD^SScDJ^^) SScDHSfeFgSlroiS 
[0 15 9] iKi::otiv c:<^igiiE->X7'/*«o:/p h=i;u 

=&/T^-ryp h=i;U->-'!r>XISI7-S^o E12 O^C^>l/^T 

El 1 4 ^^-fT>y-^m7\ mmv—/K 

pj+^_/<;^fg74:{fJiJ]aLTt^^o ^Tc. sgpTMjRAuthor 
ize RequestyoKi'JfiJffllHlilfk^itS^^.. sSrISSRAu 
thorize Request701St^liEf''!r'y hTicket305*Stt 
/fclSRi+J--/ ^^IS73«^ggRrP5RAuthor i ze Request701S 

i:+^-/^laS'J?^5 I Di:SpJfflEl»ki:*i:'fe*-pfc^aE 
^-^r-y hJIS!13^lnquiry702%igiiE-y--/^#S72$/cli 
m2(DsSprt»--/^'#S74'\53^i»^s cntcS^LTii^^lC 
f5i:TlSSl^'5-"y hJ6iii6jiSaReject7056^)S5-n5,'Sx 
IgpTf^-V U>v>'(hal lenge703««fiJSIsl» k ©f^fcU ICS 

-V Uy->''fE;^Response704JbV\°7.'7- KP WiSLIilR 0 
tODjiJetcJsrLTn - k + 1 fStOJVy'yn.mS-H^ML 

[0 160] C<0755£ICJ:U. -^^-f 7'>h-#^7n*/'? 
X7-KPW^!SpIt»— /^#I873. m2<D|gpr+^-/^# 
S74^$4&fi:lg:E«(tB^!!)"t- d < s n ID^TiSiiE?^ 
■ir-y h304-VfMSf T*'nrciSiI5''>-'y h501€-fi!ffiLT*M 
IgpI^iS^Slt/yT'^s fiJffl[Hiak*'?^-<7'>h#^ 
71 fe^eiiSRlt*--/ S'#IS73^i> LTBSiiE^'^- h «•5I^7 L 
fciSSE+t-/ S~#ja72$/-c(iM»r Lfcm 2 <DigRl+^— / 
K74lCjMoT^x-y{'f Sfctts iSII^'ir-y h304«^1S 
I»©SpI-9— /<:#S73. 74T-tt51l!:^iJfflDrt6^t(^i:-r 
A^o^xy-J'ftiJKOh^^-i-'y^SiJffll 

[0161] Z'3>J:-53S:yp h=i;U->-'>->X«j#r3S 

|I->XxI^<D^i,5K^COl^TE12 1 ^#FSLJ5:#'6lKB^r 
5o 112 1 ICfc'^^TtEll 5 tmtSi^(DI,i. <7=7^Ty 
h^«S71. SBEtt-/^#e72, ^pT+J— /<#«73T'feo 
T. *eicS2 7)ilgRl-y— /^■#S74^jIJ)QLTt^^. S 
fcs •?5-fZVt-#IS71lC*Jt^Tiai 5CD<7-7-<7'> h 
^asiiSi&SXjWs iSiiE^'!r-y K^«J#-r5<»:i:t»lc 

^(DmmmWLk^mm-t^^^'y h«if«a*«a:7iis 

^-ir-y h-{S*$#a511(D<-tlpytCigtt. e-y hS«DSffd3 



4S72tCj5L^TEl 1 5CO|giI-9--/<#S32i;Sfe^Ol*. 
fgE^^'y KOSI^^f:&BSLTSa^^cIHl^■r5^'!^•y h 

5o ^/i:. |gpI+»— /\"^gi73lCi3l^TE1 SOISrI+J— 
/<:#K53<»;S*5<Dt*. sSaE^'ir'y KOf^-ir-y t-BISU? 

■rs^^'^r-y hMSTeS#S731^^'!r>y h^iJfflgii^S:5 

2 05SL!!S*^36#IS732. t -y hSCDfiPffi3MISS?0>IIS^ 
iT35:eig205Sf^teWsaS?a#S733^ISl:^. -giStO^SI 

^^ftttfc-iaits^o «2<7)igRr-9— /^#S74«Kpr+J— 

/^^IS73i:IW|«lro«)S^*#ot<DT-S5o 
[0 16 2] 5^>r-y h«ft*gS#S!711 LTl±. 

■y h«}t#ifi5ii ^:Ill^i(DtSfi!6^c^y«iHlila£ottl^5^T^: 

^^-y KfigiTlS^S721i:LTl±x 1?J^l*x- 

■drtc J: »J mmz^ *o ^-ir 'y h MfTeS#K731 i LT 

/ W X -t cDiie^i±lc J: y 5 o H 2 (DSLa*m# 

Ift732i: LTl±. SLa*fi!6#^324i:ill*iCOtifi!6*"'ffifflT- 

=1 > fc:° a — •$! ±05 =] > 3. — •$f "^P A.^IS ffl L 

[0 16 3] W±OJ:3l::«B)6?nfciSiiEv'7.7^A<0ifi 
mc:-:>t''TH2 2«#BgL^*'«5BiB^t-5o z.z.z\t. 
iSilS^RAuthenticate Request3016''iSIIE^'y -y VM^ 

[0 1 6 41 STx n— »fSBE#»Stz:33tt«^'^'r7'> 

f-^IS71St;iSiiE-9— M"#IS72lc33lt^!(l^t(*l21 1 5. 
Ell 6<7)JS^i««l^«T\ a^^WlcliiSiiE-y— 
72d; y •^^'TT'V l>-#S71'\f8SE'?''>-y hTicket304«« 
SISnSo fcfcU '?^-1'7'Vh^lS7ncfcl.^Tl*s il 
0Di:^ro5^'b--y h^Jt^SSII^Dii^'F^^'Ir-y hfSJt'g 
S#S71 1 jfj^T'S: a , ^ /cig|iE+J— / <#a72lCjJl,^T 
l*^ ISIiHI^uthenticate Request301*>6IX{lJ5'tl/<: 
*385l£]a7201 ti^K^ \ -y -> n #|g325St/ISIIE?f^fflD# 

'gs*©72ni:t3Me.n> ^-^--y i-issy?^fi!6^iS327T- 

^B)6* nft^^lr -y HiaSiJ?7203l*lSiI?1tJD#©328CD 
\m9'Ty h5lff'gS#g:721lct,3ll6=h.«, ^-ir-y h 
ISV. =f-*r^v hlSSiJ?7203,l:+^— /^iaSim202,i:*5aiHl

a72oi t^y fijfliRr«giHia*5"x-rffit LT<o«s&iaa72 

01CDi|i:&^'>-y hUXHCiSUnLIBIfrS (ST7 2 0 

1) o 

[0 16 5] Z.iWznK.X'y^^Ty ^#S:71^^:^5l^T 
tis fSSE^^T-y hTicket304l*||1©jS6Sii#S311TS 
1f7*-n. Sgffi^'i'-'V hx— S'31106''IXI±iS-nTHtlfB^'!r 
•y h«Jt^S*ia7lllciMen5o SulB^^-b-'y 
S#JS71 1 gSE^^-^ -y h 7^— 5» 31 10*-9— / <t«BU?3 

(s T 7 1 0 1) ^ fy^iSnr#iii«3i!)ii*Q7ioi#«^^e 

tifcJS^lc. iglE^y-y hx-'S'3111^mi 
S311^^>LTiglI^'ir'y h-Ticket305<!:LTs ^fcx ?i 
"■JIUfflRlSglHia^r 1 MCfc5^71SiiE^'5r.y ^-6^6IXal 
Lfc:#«llsl»6^ii§l < Z. t It J: y f§fcf"Jffliaa7102* 

(ST7 1 0 2) ^1 (DiMSffl#IS311^^rLTiSRlS 
5RAuthorize Recuest701<»: LTx ^n^nigRl-y— A# 
IB:73lC}||y (ST7 10 3). ■i£ia\^mWf-'T'V \-=r— 

)b^6l!iaj Lfc^?SJjl2ia31 12^^S:/ \'y -> a^K317tC 

[0 16 6] c:nic«LTis:pr+f-A'#|g73icfct^T 

tt. USE^-tr-y hTicketSOSSlfiSpTS^Authorize Req 

uest701tim 3 C'Hl§fl#S331T§ffl#nv KII^^ 
h X— S»3301*''lRtiltrnTiSliE?«SiI#lfi:333tCjJI6 
tls f'Jffll2|»7301«<l5jai3-nT^^r«y hM«iea#«73 
llCiM^tl^ (S T7 3 0 1 ) o 

[0 16 7] |gl5IttBt¥ia332. iSII?1tli#K333SO-' 
^^-Ir-y h*3a*'J;E#ie334(il211 5, Ell 6roJi^<b« 
ISI^«{CSM^U rcfcL. -9— y^sasij?7302{i^'>-y h 

■^%^\'^^w.y\(r>\^is^^*T -y h- MiT*ia#®73i tjn 
sn. *5aiji*P7303«f^'>^-y hM«fes#ia:73isi>"m 

2©J5La*J«#ia732l::3l6+l5o ^-{r-y hM«feS# 
ii«]7303*''-§^;^5n5<t:> ^^-^-y i-mS'l^iiOSt^-JK 

mm^T- •? 7304^^#Tx m 3 (Djusff? iS33i l 

T5$^T«ISSU?:5308(D/T^-r SSil-y--/ ^~^IS72$ fcti^ 2 
ODiSpJ-it- /<#Jia74'\igiiE^':r-y hSSF,?.^lnqui ry702 
^aS^iirtfC. f^-^-y l«SlgiJ?3305i:-9— /<faB"J?73 

02i:W5ajiH]a73i)i twjmm'^m\B\^^mrmi: ltcd 

»S«llHa7301©iia*^':r-y h iJX hlcilSnLIBIfr^ 
(ST7 3 021 o 

[0 16 8] L:tl^Stt/cS8siE-9--M"#®72T-l*s ISliE 
[■ mmm^ 1 nqu i ry702(im 2 c7)3M§ffl#IS321 7' 

-iT'y hf?^Tes?S72nc2ien?.o miE^^y hm^ 

eS#S721t±. iiSilf^'Ir-y hMESSSx-'S' 72056^^ 



pjmmwit(Dm\,c 1 sD^rct®.!:— sfc-r^jb^^^in'^x t 

— Sf<D«^tCtts8II^';r>y HflftiiJEP 7^-^7204*^2 

ro3M§ffi#IS321*^>LTISiiE9^'>--y hJg$fijl?DReject7 
OSiLTjIlttjSro SiSx m2©iigpj-9— /<#S74««C: 

[0 16 9] iSRI■9■-/S■^la73^C^5l^T^i^ SSglf^'ir'y 

h-jgi!i6jisn705i*^ 3 (D'&^m^m3^^ft Lzmm^'r 

•y hieifejifflx— S»7305i:LTS5K^'^'y hM«f«S# 

IS731lc»«en^o BiliB^'^-'y hMtr'gS#IS731fi. ^ 
Ift/ \>y -> affi3306€-€-<^>^ S^'SA-y -> 3.<i5302i: LT 
SBl!!B^#®337lc3|y. ^-^--y hSIgiJTfc^yfiJfflpr 

tgiaa-ttl— /^MSiJ?<i:(73$i5303«rm 2 (75igiiE?'^^f^]D# 
S5331CJM^6\ Sgll^':r'y f-Jg^giSaiT^— S'73056''^ 

xe>n^tzne>^9ti±t^. ^2CDiLa^B2^©732 

I*. WSI!iiifil7303fi«4*6ti«i:. 7=^-'S'mfflro5^v 
U>v''SLa7306*ifrrc(C^ V^~L.tC^Ji!6LTm 2 (DJ^ffte 
«liaS*tl?K733lCiili. t iltlCs S 3 ©ill§ffl#S331 
^^^LTsSpT^-v^ U>>>Xhal Ienge703<!: LT'J'-^'l'T'V 
^#IS71(C3M5 (ST7 3 0 3) o 

[0 17 0] ^:nlc5RtLT^5-r7'>^•#S71^ciJL^T 

f,t. SIrT^-V U>-:>Chal Ienge703«ll 1 «D2ISfi#&31 

iTSff u>v'SLa7io3A'iixai*nTm i 

fifft!3fi^iiSSffi#lfi;712lCj||6n5 (ST 7 1 0 4) „ ^ 
Ift/ \-y -> i#fS317li. f iJffi|gpr#)IIIiSifiiiM71016'«^ 
it StlTt^Sli^^c. BUBB«ffiBB1t*e316 J: y / \ y -> 
a.^i3113^^iT. /\-y->3.{ii3113tt*^[Hia3n2,»:?iJffl 
|sia7l02i:(7)Mtc*ga-r ^Saro/ \-y iL-aiS H ^•ft'S: 
oTs ISm<D^S/N*y->affi7104=&. mi<D«^fSMiSS 

?a#S7i2(c52i5o m 1 <Dm^^mmmms.^^2l,t. mm 

ISpJ#|ii^3S]jiSP71016^%-^t.tiTl^-i)«-a-(e. 

>y v'iLfi7104i:^^ UV-ma7103i:©HT'lf -y h«0 

sffl!^«l^s^P3!ll«^T^t^s n -y -> ^ W7io5* 

^fiicL. HI (D)Mgft#l9;311*^>LTSgpI9^-vU>5>" 
JS^Response704t LTISrI+J— /^#®73lCill^ (ST 
7 105. ST7 10 6) o /\'yi/a3IJSH*f<?E»S^ 
^-75lRl14 <!: iem(D*S-Stf^ V ^"^It^^t ^ TO^^pg 
i::(Dm^5>S!M-y->affi7105l±/\°X'7-KPW. SL 

aa ostf^-*' u>-ma«5ai6^t^ilH#ic»n-»-r 

« d i:««T'*^t^/i46. (7)m^K/ \-y -> iifi|7105lt 

*n^o $fc. ia£ic*6^<DS;5ti<!:^S:/\'y->i{iHt 
»lt \ -y -> H ©ISa*'*^ < «f totlTl^Sfc 

46v d cD^K/ \ -y -> n.^i7i04*^ 6 5>:w^ia/ \-y -> a.fi* 

fc. /\'y->ii3llltt-ll5ttl«^*3l»<fcyt.1 0 0fgW± 

SjiT-fesi^tis 2i^5[)^KaT!fetl^^llg^*fflt^fcit 

[01711 c:^alC>l>fLTISpI-9--/<^S73lCfcLNT 
lis W^'^^' U>i>~):E;^Response704tim3a)3M§'(fi#
Tm2 <^)»tfS6<liilSffl#l&733{CjM6tl« (S T 7 3 0 

4) o m2rosw!3WiiSffl#iS733ii. ^^'l^y'J^lm.^ 
Mlss«]>^ll^^^f * ^ Ts \ •> j-mim^mrm 

3©/\y>'a#K532lt3l5 {ST7 3 0 5) „ ^3© 

IVy-yiL #IS532li. ^13/ \ •> -> iLfi7308lcy \ -> a. » 

•:j T, m^<D-^k^mJ \ y -> JL{a5305€'iSpja§ 
^#IS337tcai;5o SRrR8^#®337Stj'm 2 01811^ 
Jja#IS533lil21 1 5. Ell ecDJf-g-.hlll^lcKif'FL. IS 
EE^'b- 'y h 5308^11 3 (7)ill§{l#IS331 LT 

«o /fc/eL. mti'f^'y h*BiejijaiReject705©§ffllc 

ct y ^iSM'y ->;ifii5302si>'9'':r-y hmwij'tmvmm 

pJ*g(2iat-y--/^iffiSiJ^-<!:«0«§5303£OfJti^6''«]±*nfc 
Ji^lC«2:<DSB'JTH*^tMST7 3 0 6. ST730 

7) „ 

[0 17 21 iiniC3>fLT'J75-f7'>h¥ia:7Hc*>l,^T 
lis fSaEf^-^r-y •>Trcket501»Sl ©2ISfi#S311TS 

ItTjmv SSiiE^'r>y hx— ?5101<!: LTtuiB5^'!r'V 
J#'gS#S71Uc2l6n«}#*nT (ST7 1 07. S 
T7 1 0 8) s ;5clHl<DfiJffilSRr#)llTiIffi*n^o 

[0 17 3] cntc J: 5 -r7'>h#e7i 6^6 sKrt+j- 

-/\"^IS73lc5ll'5n?.ig|I5^^ -y h 3056^ i: ^ m 

^i8/N-y->iLfiii*. t(D^mmimm^i::'t^z^t'■:^=M 
■oTn<<oT\ mpjv—/ i^msTitf \ -y -> n mmt i 

Tt-^o c:«D:^;£lcJ;y. ■i^^'TT'V h#IS71ti/'?X7 
- K P \N^mWf-J \'#lfi73. 74*^i6/j:MH#tC0^6^ 
■rci:35:<. $;fe14©J:^JaSt^il§Ef''5^•y h305«1Sffl 

[0 17 4] %;fo\ J.X±<7)iJlB^Tl*'?^-<7'>h^lS71 

icjjo^TfijffliSTOS«)ftu^tc^s/\'y -> ifi^-ttwr 

<D^®/ \ -y :i'l^^tuitm LT«IS&iB1t?S316lCiB 
[0 17 5] il.I)d;dlc. iSaEv'XxL.^**]5feflJXI<^) 



[0 17 61 

T-lis Hue. ^^-I'T'V htJT«D0g#®S^'^^Si:-e- 
[0 1 7 7] m2(C. IL-+fiSiiE?)litc3i3t^Ttv 

[0 17 8] S31C. ^7^-i'7'>h#l9:3S«^^LfcigtI 

mm^'r -y h A>;^t??.B-&ti$S*'^:i-tfiSiiEtf $B<i:^RIHl^ 

[0 1 7 9] m4ic. iteffiit$B©^RrjM3lS*-:)5[R)l4 

[0 1 8 01 msic. iSpI+f-/<;#IS6'!lSiiE^':r-y h<7) 

[0 1 8 1 1 He (c. igfi^'^r-y h<Di^m^WL^'sm-r 

[0 1 8 21 »71C. /^#S-^f8pI-9— /^^e 

fe^mi^'^r'y |-cDfltTSBI^fB1fr^'fccOT-(*s 
^•y l>-*^M«r*ni>->Xx/*lc*5t^Tv IgiiE^'ir'y 

[laacoiism^iiiR^i 

[0 2] *fg^CDl|2(0llJft(DJ^»llCt5lt5iSSE->7.x 

[@ 3 ] ^fgB^rom 3 <7)iis6©jK»»cfcnt5SSE->X7^ 

[114] *ieB^(7)m4a)l|]S£G)}lJS6lCj3lt^igiiE->X7^ 
ms] *f|B^<^m4©||SgcDfl5«iti:fcnt«igiiE->7.x
[117] 2|!:5«B^cr)m4<DIISga)fl5®lCfcHt5ISfiE->X5^ 

[08] :^mm<Dm4<Dm&<Dmmicisif^mii->7.7' 
[09] *fiP^fl)m4<DSiss(0fBancfctt«igaE->xx 

[HI 0] *#|B^(DS4(7)glSS<DfKffilcS3t:J-^iSiiEv'X 

[El 1] *5|B^©m5(0§lffi<DJ^88tc*il+«SSE->X 
^^ACD^P l-a/l/v'— !r>;^l21. 

[Ell 3] *5«B^cDm5CDII)5Sa)m!glc33tt^lSII>'::?> 

[014] :«:M«a)m60:}|IAfe<D^ftg(C^nt%ISiE->X 

7^L>(Dyp ^p;^?/-':^>7.0^ 
[015] *S|B^I<Dm6©IISg<7)JgSllCjitt5iSijE->7. 

[016] *5|B^i(Dm6(D*Sfe<0Jg»tJ:fcHt5SII«>X 

[017] :^^m<Dm7a)mm<Dmmizi3if^mm'y7. 

=rL.<Dyu |-P/Uv'-'^>X0. 
[018] *fSB^l£Dm7cD5l]ffi<Dm!filcd3tt-5igiE->X 
x/*©«t6:?P'>^'0s 

[01 91 *««B©m7<3!)*fl6©m»ltfclt«BSE->X 

X A(0i(){^«-/7^t 7 P -0s 

[02 0] *f|R^I©S8<DIISSCDJgl8lCfcttSISIIv'X 
xA<D7^P h=l/l->-'>->7.0. 

[02 1] *?|B^I«Dm8(0llttOJBIglCfclt5i8IE->X 

[02 2] *fg^|C0S|8CD5ISSroJ^S8(Cfct:»-56SliE->X 

[02 3] '<im<rMm)5y^<Dnm:^^>.rm^m. 
[02 4] t*j|5fl:'|giiE5&?£<^>:/p h^yu-v—^-vxE. 

[02 51 ti!e3l5<7:.KII*»©«fi67»^P-y'5'0s 

[02 61 u^(rjmW5m<owm^jjktyu-mT^^ 

So 

[??#<D^] 

K 11x 21. 31. 41. 51. 61. 71. 81 <7=7^TyV^ 

2. 12. 22. 32. 42. 62. 72. 82 igiiE-9— / 



3. 33. 53. 63. 73. 83 Vi^^—I"^^^ 

4. 14. 24 %JSffitS?fi 

5 . 7 . 803. 805 1811^'^ h 

6. 804 Wp-mn 

8 . 806 ISRlii^ 

13. 23. 801 ISSE«^1ff^ 

64 iSKE^'>->y h^a^s 

74 m2(DiSRl+^— 
311 mi<^J^Sfl#l9; 
312. 811 A:^#S 
313 

314 ^-^--y 

316 «iiBieit#m 

317 ^IS/\->->a.#IS 

321 m2<Di^§1i#S 

322 i§iiEi+B$#® 

323 vtmmmiA^WL 

324 SLUS^^K^IS 